Firewall Information Not Populated

This is a support forum for the new PFSense Manager plugin for ConnectWise Automate. This forum is open to discuss issues and feature requests.
ckatri
Posts: 7
Joined: Mon Oct 24, 2022 7:20 pm

Firewall Information Not Populated

Post by ckatri »

I am having difficulty adding a firewall and a few questions.
1. How do I get the firewall information to be fetched? I can't get it to show as green
2. Is the information queried from an automate agent on the same network? Or does the webCfg UI have to be open for a server to access.
3. I was able at one point to get the plugin to query the API for information, which I saw in the pfsense logs, but then it stopped after a few minutes and never showed in the plugin.

Thank you,
Cameron

User avatar
Cubert
Posts: 2134
Joined: Tue Dec 29, 2015 7:57 pm
6
Contact:

Re: Firewall Information Not Populated

Post by Cubert »

I would start with a solid read here,

https://github.com/jaredhendrickson13/pfsense-api

It talks about login security, and how the API reacts. It talks about what happens with updates and upgrades and it will help assist in confirming that your API settings are working. It will show you how PFsense logs access so you can see if agents are being rejected.


Once our plugin can authenticate and make the first queries the dot should go green. (unless API is out of date)

You can use tools like POSTMAN to query your API directly to see if it is working as expected.

ckatri
Posts: 7
Joined: Mon Oct 24, 2022 7:20 pm

Re: Firewall Information Not Populated

Post by ckatri »

I have read all that, and confirmed that the API is working correctly, I am able to query it manually with curl with the login information I provided to the plugin.

User avatar
Cubert
Posts: 2134
Joined: Tue Dec 29, 2015 7:57 pm
6
Contact:

Re: Firewall Information Not Populated

Post by Cubert »

Very good, That's has to be working before anything else will operate.

So now that you enabled a firewall, When enabled a scan is preformed by a Windows agent at the location where device is located. This agent is selected by looking for the most resent online agent with the highest Windows version. The scan takes a minute to complete and returns a XML Backup of the device along with its current configuration data as displayed in the plugin.

So we need to force a scan and look for the agent being used under that location. It will be a agent with the highest OS versions and is picked at random, being on line. That agent will have script logs that will show the script "PFSense Manager Maintenance" running different commands on agent and the returns. We need to see what the agent is reporting back during probe.

To find out what agent is being used at any given location, look to the server logs for the plugin on the Automate Host.

C:\Program Files\LabTech\Logs\plugin_pfsensemanager.txt

Look for line entries like this:
PFSense Manager using agent [Agent ID] to service [Firewall IP] device"

Also review this log for errors and any abnormalities.

Post these script, command and server logs up here and I will review them to see what may be causing the issues.

ckatri
Posts: 7
Joined: Mon Oct 24, 2022 7:20 pm

Re: Firewall Information Not Populated

Post by ckatri »

I just checked and it seems to have worked for population the information but I am not seeing a backup. I also seem to have found part of the issue: the agent it is choosing at random is a laptop that is not actually on the network. Is it possible at all to manually select an agent? We have some computers that are guaranteed to be available, so it would be ideal if we could hardcode it to always use one of those.

User avatar
Cubert
Posts: 2134
Joined: Tue Dec 29, 2015 7:57 pm
6
Contact:

Re: Firewall Information Not Populated

Post by Cubert »

Not currently but I could look to add in a agent selection list to the add firewall button so you could select what agent to run scans against.

ckatri
Posts: 7
Joined: Mon Oct 24, 2022 7:20 pm

Re: Firewall Information Not Populated

Post by ckatri »

That would be very useful.

ckatri
Posts: 7
Joined: Mon Oct 24, 2022 7:20 pm

Re: Firewall Information Not Populated

Post by ckatri »

Hey, what is the status on this? This feature is necessary for this plugin to be of any use to us.

User avatar
Cubert
Posts: 2134
Joined: Tue Dec 29, 2015 7:57 pm
6
Contact:

Re: Firewall Information Not Populated

Post by Cubert »

Sorry for the late reply, was out on holiday.

As for your request, we have added it to the code base and it is available in build 2.0.0.2 available here

Build 2.0.0.2

What's new:
You now have 2 new items in menu. Manage what agents are used at what locations and a client scan button to allow you to force a scan now.


menu2.0.png
menu2.0.png (8.42 KiB) Viewed 20 times


The set Location and agent menu item will bring you to a control that will allow you to select any location for client then any agent under that location.


location-agent.png
location-agent.png (17.87 KiB) Viewed 20 times

ckatri
Posts: 7
Joined: Mon Oct 24, 2022 7:20 pm

Re: Firewall Information Not Populated

Post by ckatri »

Thank you, I was just checking it out, two notes:
1. The new "scan client firewall" does not seem to work
2. the execute command does not respect the new agent selection

Post Reply

Return to “NetGate PFSense Manager Plugin for ConnectWise Automate”