Vendor Integration

The Vendor Integration function allows you to log into a firewall or firewall manager and change the route table on the firewall to program the routing for FireNet, or to change routing if a gateway in FireNet fails.

You can also use Vendor Integration to configure the RFC 1918 and non-RFC 1918 routes between the Aviatrix Gateway and the vendor’s firewall instance.

  1. From the FireNet tab, right-click the link icon and select Vendor Integration.

  2. Select Through Firewall or Through Firewall Manager.

    Select Through Firewall Manager only if the vendor is a Palo Alto firewall.

  3. Configure the following:

    | Field | Description |
    |---|---|
    | Management IP Address | Management IP address of the firewall. |
    | Vendor | Firewall vendor (Palo Alto Networks VM-Series, Fortinet FortiGate, Check Point CloudGuard). |
    | Authentication (Check Point CloudGuard) | Password or Private Key. |
    | Username (Check Point, Palo Alto, FQDN Gateway) | Username for logging on to the firewall. |
    | Password (Check Point, Palo Alto, FQDN Gateway) | Password for logging on to the firewall. |
    | Private Key (Check Point) | If you selected Private Key authentication for your Check Point firewall, you must upload the private key here. |
    | Template Name (Firewall Manager Vendor only) | Name of the template. |
    | Template Stack Name (Firewall Manager Vendor only) | Name of the Template Stack. |
    | Route Table (Check Point, Palo Alto) | Optional. |
    | API Token (Fortinet FortiGate only) | API token generated from the Fortinet FortiGate instance. |

  4. Click Save.

To revoke Vendor Integration:

  1. Select Vendor Integration as per step 1 above, and then click Revoke Integration on the dialog.

  2. You are prompted to confirm that you want to revoke the vendor integration for this firewall. To proceed, click Revoke.

You can click the Sync Routes to Firewall button on the Firewall details panel to ensure that the FireNet routes are synced to the selected firewall.

Since vendor integration requires that the firewall be pinged periodically, you should configure the 'ping' ability in the respective firewall UIs.