WatchGuard Firebox Devices

The procedure for extracting configurations from WatchGuard Firebox devices can be done through the WatchGuard System Manager (WSM), the Firebox System Web UI or using Command-Line Interface (CLI) via SSH on the WatchGuard device.

Using WatchGuard System Manager (WSM)

Use these steps provided to retrieve the configuration of the WatchGuard Firebox device:

  1. Connect to the Firebox:

    • Open the WatchGuard System Manager (WSM) on your computer.
    • In WSM, click the “Firebox” icon or go to File > Connect.
    • Enter the IP address of your Firebox device.
    • Log in with the administrator username and password.

  2. Download Configuration:

    • Once you are logged in, go to Firewall > Save Configuration.
    • You can then choose to save the configuration as a backup file on your local machine.

  3. Add file to Nipper:

    • You will now be able to retrieve the saved file from the server and add this into Nipper to be audited.

Using Firebox System Web UI

Use these steps provided to retrieve the configuration of the WatchGuard Firebox device:

  1. Access the Firebox Web UI:

    • Open a web browser and enter the Firebox's IP address (typically the external IP).
    • Log in using your admin credentials.

  2. Backup Configuration:

    • Once logged in, navigate to System > Backup.
    • Download the configuration file, which will be saved as a .zip file containing the backup.

  3. Prepare the File for Nipper

    • Extract the .zip file to access the configuration file inside.
    • Nipper expects an XML file, so ensure you locate and use the correct XML file from the extracted contents.

  4. Add file to Nipper:

    • Retrieve the extracted XML file and import it into Nipper for auditing.

Using CLI (Command Line Interface)

To retrieve the configuration from a WatchGuard Firebox Devices device via SSH, you can use the command-line interface (CLI) to export the configuration. Below is the step-by-step guide for retrieving the configuration using SSH.

Prerequisites:

  • SSH access is enabled on the WatchGuard Firebox Device
  • SSH client (like PuTTY or terminal) for connecting to the device
  • Administrative credentials for logging into the device

Steps for Retrieving Configuration via SSH:

  1. Enable SSH on the FireBox:

    • Before you can connect via SSH, you may need to enable SSH access from the FireBox Web UI under System > Admin > Access > SSH Settings.
    • Ensure that you enable SSH access on the interface you’ll be connecting from.

  2. Connect via SSH:

    • Using an SSH client (e.g. PuTTY, OpenSSH), connect to the FireBox device
    • Use the admin credentials to log in.

  3. Export Configuration:

    • Once logged in, run the following command to back up the configuration:
      config save <backup_filename>
    • This will save the configuration file with the name specified
    • You can then use SCP or FTP to transfer the file from the Firebox to your local machine.

  4. Add file to Nipper:

    • You will now be able to retrieve the saved file from the server and add this into Nipper to be audited.