CSV import file format

This topic lists the headers and values supported for CSV files used to import or update device data in AFA.

Note: Header values are case sensitive. Using header values with different cases from those listed below will cause unexpected results in your file upload.

For more details, see Add/update multiple devices in bulk and the How to Import and Mange Devices in Bulk from a .CSV File AlgoPedia article.

Tip: You can also use a CSV file to assign additional device identifiers for primary/parent devices or device sub-systems, such as VSYS or VDOM. In such cases, you only need to include the name and additional_fw_ips values.

Basic device description headers

Header name Description
brand

The device brand. For more details, see Supported device brand values.

Required for all devices except for the following:

  • Cisco IOS
  • Cisco ASA/PIX/FWSM
  • Juniper Netscreen

Specify these brand types in the Bulk Add/Update Device dialog instead.

name

The device ID (tree name).

Required for all device types.

This is an internal name, usually the name displayed in the tree, without non-alphanumeric characters or spaces.

If you're specifying a sub-system, this is the name of the sub-system.

display_name

The name as it appears in the device tree, including spaces and other special or numeric characters.

Optional for all devices

Default: If this column is missing or empty, the device is added using the device's host name.

Supported device brand values

Enter the following values to indicate device brands:

Analysis and monitoring devices

  • asa. Cisco ASA
  • bluecoat. Symantec Blue Coat
  • f5bigip
  • f5bigip_afm. F5 BIG-IP LTM and AFM
  • f5bigip_full. F5 BIG-IP LTM Only
  • fortigate. Fortinet Fortigate
  • fwsm (Cisco FWSM)

  • ios. Cisco IOS
  • junos. Juniper SRX
  • junosmxrouter. Juniper M/E Routers
  • nexus. Cisco Nexus
  • nsc. Juniper Netscreen
  • nsx. VMware NSX
  • paloalto. Palo Alto Networks firewall

Monitoring-only devices

  • ace. Cisco ACE
  • avaya. Avaya Routing Switch
  • brocade. Brocade VDX
  • junipersa. Juniper Secure Access (SSL VPN)
  • junosrouter. Juniper Routers (non-M/E)
  • netfilter. Linux netfilter iptables
  • sonicwall. SonicWall
  • topsec. Topsec Firewall
  • watchguard. WatchGuard

Back to top

Access information headers

Header name Description
host_name

The device host name or IP address.

Required for all device types.

user_name

The username used to access the device.

Required for all device types.

passwd

The password used to access the device.

Required for all device types unless CyberArk authentication is used.

Note: For Cisco IOS or ASA devices enabled for CyberArk, the Password and Enable User Password must be the same.

enable_user_name

The enable user name.

Relevant and required only for Cisco ISO devices.

epasswd

The enable password.

Relevant and required only for the following devices, unless CyberArk authentication is used on these devices:

  • Cisco IOS
  • Cisco ASA
  • Symantec Blue Coat

For more details, see CyberArk-related headers.

Note: For Cisco IOS or ASA devices enabled for CyberArk, the Password and Enable User Password must be the same.

Back to top

Cisco-related headers

Header name Description
rules_view

Determines how rules are displayed in device reports, as one of the following:

  • ASDM. (Default) Display rules in the Cisco Adaptive Security Device Manager (ASDM) graphical interface.
  • CLI. Display rules in command line format.

Relevant for Cisco ASA devices only.

Back to top

CyberArk-related headers

Header name Description
use_cyberark

Determines whether to use CyberArk authentication:

  • yes
  • no

Required for CyberArk devices.

cyberark_platform

Defines the CyberArk platform name.

Required for CyberArk devices.

cyberark_safe

Defines the CyberArk safe.

Required for CyberArk devices.

cyberark_folder

Defines the CyberArk folder.

Required for CyberArk devices.

cyberark_object

Defines the CyberArk object.

Required for CyberArk devices.

cyberark_enable_platform

Defines the CyberArk platform for the enable password.

Optional, and relevant only for CyberArk devices.

cyberark_enable_safe

Defines the CyberArk safe for the enable password.

Optional, and relevant only for CyberArk devices.

cyberark_enable_folder

Defines the CyberArk folder for the enable password.

Optional, and relevant only for CyberArk devices.

cyberark_enable_object

Defines the CyberArk object for the enable password.

Optional, and relevant only for CyberArk devices.

Back to top

Advanced headers

Header name Description
separate_vrfs

Determines whether to split the device into VRFs:

  • yes (Default)
  • no

Relevant only for the following devices:

  • Juniper Netscreen
  • Juniper SRX
  • Cisco IOS
  • Cisco Nexus
full_analysis

Determines whether to include risk analysis and policy optimization details in the device reports:

  • yes (Default)
  • no

Relevant for Cisco IOS and Cisco Nexus devices only.

Back to top

Remote management headers

Header name Description
con

Determines the connection type as one of the following:

  • SSH
  • SSH (3des). Cisco ASA only
  • SSH (des). Cisco ASA only
  • TELNET. For the following device types:
    • Juniper
    • Cisco
    • Blue Coat
    • Fortigate
    • Palo Alto
    • Linux Netfilter

Required for all devices except the following:

  • VMware NSX
  • Cisco ACI

These devices connect to AFA via REST.

number_of_allowed_encryption_keys

Determines the permitted number of different RSA keys that AFA can receive from the device's IP address, as follows:

  • 1
  • 2
  • unlimited (Default)

Note: Relevant only when using SSH. This might be required in cases of cluster fail-over, device operating system upgrades, and so on.

ssh_port

Defines the port to use for an SSH connection.

Relevant only when using SSH.

Defaults:

  • 4118 for WatchGuard devices
  • 22 for all other devices

Back to top

Log and monitoring headers

Note: Assigning syslog identifiers for sub-systems must be done as a part of updating devices in bulk, not as a part of adding devices in bulk. The parent device must already be defined in AFA.

Header name Description
collect_log

Determines whether AFA collects logs for the device:

  • yes
  • no (Default)

Relevant for the following device types:

  • Cisco ASA/FWSM
  • F5 BIG-IP
  • FortiGate,
  • Juniper Netscreen
  • Juniper SRX
  • Palo Alto

Note: For Cisco ASA and FWSM devices, set to no to enable logging with only hit-counter data.

log_collection_mode

Determines the method for collecting logs for the device:

  • standard. Enable log collection.
  • extensive. (Default) Enable log collection and the Intelligent Policy Tuner.

Relevant when log collection is enabled.

collect_log_from

Determines whether AFA collects logs from the NSM or a syslog-ng server:

  • nsm (Default)
  • syslog

Relevant for Juniper Netscreen when log collection is enabled.

Note: If traffic logs and audit logs are not on the same server, specify the audit log server using additional headers listed below. In such cases, this value defines a value for the traffic log server.

log_host_name

Defines the host name or IP address of the server/device sending logs to AFA.

Relevant when log collection is enabled.

log_user_name

Defines the user name used to connect to the server/device sending logs to AFA.

Relevant when log collection is enabled.

Note: To collect logs from a remote syslog-ng server using a user other that root, you must configure the server separately.

For details, see Configure an external Syslog server for AFA messages.

log_passwd

Defines a password for connecting to the server/device sending logs to AFA.

Relevant when log collection is enabled.

collect_log_from_adt

Determines whether AFA collects audit logs from the NSM or a syslog-ng server:

  • nsm
  • syslog

Relevant for Juniper Netscreen when log collection is enabled.

Note: By default, the audit log server is the same as the traffic log server.

log_host_name_adt

Defines the host name or IP address of the server/device sending audit logs to AFA.

Relevant for Juniper Netscreen when:

  • Log collection is enabled
  • The audit log server is different from the traffic log server
log_user_name_adt

Defines the user name for connecting to the server/device sending audit logs to AFA.

Relevant for Juniper Netscreen when:

  • Log collection is enabled
  • The audit log server is different from the traffic log server
log_passwd_adt

Defines the password for connecting to the server/device sending audit logs to AFA.

log_collection_frequency

Defines how often AFA collects logs for the device, in minutes.

Relevant for Juniper Netscreen when:

  • Log collection is enabled
  • The audit log server is different from the traffic log server
additional_fw_ips

Defines any additional IP addresses or host names that identify the device, with colon-separated values.

Relevant when log collection is enabled.

Back to top

Additional headers

Header name Description
collector

Defines a server to manage the device's data:

  • Central Manager (default)
  • The name of any remote agent

Relevant only when AFA is configured for geographic distribution.

baseline_profile

Defines the baseline compliance profile to use when generating reports for the device.

Optional for all devices.

root_psw

Defines a password to increase permissions on the device to root user permissions.

Relevant only for Linux Netfilter IPTables

Tip: Devices usually block the ability to access the device as user root. Enable root access to the device to improve AFA support.

monitoring

Determines whether to enable real-time alerts for configuration changes:

  • yes. Default for real/live devices.
  • no. Default for file devices.

Optional for all devices.

For more details, see Configure real-time monitoring.

set_user_permissions

Determines whether you can set user permissions for the device:

  • yes (Default)
  • no

Optional for all devices.

firewall_users

Defines the users with access to the reports produced for the device.

Separate multiple usernames with slashes (/).

Relevant when setting user permissions is enabled for the device.

Back to top

SNPM polling headers

Header name Description
snmp_version

Determines the SNMP version:

  • snmpv2c
  • snmpv3

Relevant only for the following devices:

  • Symantec Blue Coat
  • Juniper Secure Access (SSL VPN)
  • Linux netfilter iptables
  • SonicWall
  • Topsec
  • WatchGuard
  • SECUI MF2
  • Avaya Routing Switch
  • Brocade VDX
snmp_community

Defines the SNMP community string.

Required and relevant only when using SNMPv2c.

snmp_username

Defines the SNMP Security Name (username).

Required and relevant only when using SNMPv2c.

snmp_auth_password

Defines the authentication password.

Required and relevant only when:

  • Using SNMPv2c
  • The authentication protocol is specified
snmp_auth_protocol

Determines the authentication protocol:

  • md5
  • sha
  • empty

Required and relevant only when using SNMPv2c.

snmp_priv_password

Defines the authentication password.

Required and relevant only when:

  • Using SNMPv2c
  • The privacy protocol is specified
snmp_priv_protocol

Determines the privacy protocol:

  • des
  • aes
  • empty

Required and relevant only when using SNMPv2c.

Back to top