Skip to content

Supported devices

Retrieving configuration files

Manufacturer Type Configuration files needed
Alcatel Lucent Omniswitch save [filename]
Amazon Web Service EC2 aws ec2 describe-security-groups
aws ec2 describe-instances
Azure Cloud Azure Cloud Shell (PowerShell 2.1.0): Export-AzResourceGroup
Check Point - R77: /etc/fw/conf/objects_5_0.C
/etc/fw/conf/rulebases_5_0.fws
R80: see instructions below table
Cisco Firewall, Router, Switch show running-config
Enterasys - save config
Extreme Switch save configuration [primary , secondary , existing-config , new-config] (check which config is running with use configuration)
FreeBSD (PF) - ruleset: cat /etc/pf.conf
interfaces: ifconfig -a
Fortinet - show full-configuration
Hirschmann Eagle One copy config running-config nv [profile_name]
HP Switch show running-config
IPTables - ruleset: iptables-save
interfaces: cat /etc/network/interfaces
Juniper JunOS show configuration
NetScreen get config all
NetGear Switch CLI: show running-config all. Web UI: Maintenance > Download Configuration
Palo Alto - Device > Setup > Operations > Export named config. snapshot
For Panorama: see instructions below this table
pfSense - Diagnostics > Backup & Restore > Download configuration as XML
RuggedCom ROS config.csv
ROX admin > save-fullconfiguration. Choose format "cli" and indicate file name
Scalance X300-400 cfgsave
SEL-3620 - From "Diagnostics", click on "Update Diagnostics" and copy the text
Sonic Wall - "Export Settings, then Export (default file name: sonicwall.exp)"
VMware NSX GET https://{nsxmgr-ip}/api/4.0/edges/ (XML format)
Learn more about vCenter and VSX
WatchGuard - Select Manage System > Import/Export Configuration

Instructions for Panorama

  1. Follow the 4 steps of generating the tech support file from Panorama: https://live.paloaltonetworks.com/t5/Featured-Articles/How-to-generate-and-Upload-a-Tech-Support-File-Using-the-WebGUI/ta-p/60757
  2. Expand the tarball and look into the following location: opt/pancfg/mgmt/saved-configs/.merged-running-config.xml. It is a hidden (dot) file so it may not show up in your file explorer but you can find it via terminal or by changing the file explorer or finder settings
  3. Rename .merged-running-config.xml into merged-running-config.xml (remove the dot) and import the file into NP-View

Instructions for Check Point

With version R77 or earlier, Check Point has been storing the information needed by NP-View into two flat files named: objects_5_0.C and rulebases_5_0.fws. Those two files can usually be found in the folder /etc/fw/conf of the Check Point Management Server. In the case of a multi-domain environment, the following command can help locate the correct set of files: find / -name "rulebases_5_0.fws" -ls. Usually each domain is a subdirectory under $MDSDIR/customers/ on the Checkpoint Multi-Domain Management Server (MDS) management station.

Starting with version R80, Check Point is replacing flat files with a database. NP-View will soon be supporting the new database system. In the meantime, one can still create a NP-View project using the traditional files objects_5_0.C and either a global rulebases_5_0.fws or individual device policies saved into separate .W files. The Check Point manager periodically save the ruleset into flat files in addition to keeping the database up to date. The commands find / -name "rulebases_5_0.fws" -ls or find / -name "*.W" -ls can help locate where the files are stored on the system. One should make sure the files are not empty (the size should be larger than a few hundred bytes) and the last updated timestamp is sufficiently recent.

Once the files have been identified, they can transferred to the NP-View workstation using scp or WinSCP.

Optionnally, from each checkpoint host, one can extract firewall specific route information using netstat:

 netstat -rn > /root/`hostname`.txt

To create a NP-View project, import:

  • one objects_5_0.C
  • one rulebases_5_0.fws or multiple .W policy files
  • (optional) hostname.txt
  • (optional) identity_roles.C

Instructions for FirePower

For Cisco devices running FirePower, please run show running-config on the command line terminal of each device you'd like to import into NP-View or NP-Live.

Upcoming Parsers

  • Allied Telesys: 2019 Q4
  • Google Cloud firewall: 2019 Q4
  • OpenSense/ IPCop / IPFire: 2019 Q4
  • Dell: 2019 Q4
  • Cisco Meraki: 2020
  • F5: 2020
  • Foundry Switches: 2020
  • Brocade: 2020
  • Barracuda: 2020
  • 3com: 2020
  • Adtran: 2020

Please contact the support team to discuss parser prioritization or if you need support for a device not yet listed.

Need help importing a configuration file?

Some configuration files may not be fully supported by the NP-View parser yet. Please refer to the table below to see which features are supported or still work in progress. To help us improve, please send us the debug logs from the Log tab in NP-View or contact us directly at support@network-perception.com. You can also share sample files securely through the Portal File Vault.

Additional supported files

Hostname

Once network device configuration files have been imported, one can also import a hostname file in order to add new hosts to the topology map. The hostname file is a simple text file with two colums: IP address and hostname separate by a tab.

Netstat for process list

The output of the Netstat command on Windows and Linux can be saved to a text file and then imported into an existing project. Service information will be extracted from the Netstat output file and added to the host attribute. The flags to use for the Netstat command are:

  • On Windows: netstat -abon
  • On Linux: netstat -atunp

Netstat for routes / route table dump

The command netstat -rn can provide a list of routes that can be parsed by NP-Live. The output of the command show route on Cisco devices can also be parsed by NP-Live. It is important to name the files that include the output of those commands after the hostname of the device where the command was issued (for example: {hostname}.txt). This will enable NP-Live to associate the route information with the proper device.

Nmap / Nexpose / Nessus

The output from network scanners can be imported into an existing project in order to add new hosts and port information to the topology map and host attributes. The supported scanners are currently Nmap, Nexpose, and Nessus. One should save their report using the XML format in order to import them into NP-View or NP-Live.