Manage devices
Relevant for: AFA Administrators
AFA manages your network security by collecting data from the devices defined in AFA.
Depending on the device's support and the options you enable, add a device to AFA to enable AFA to automatically obtain the device's policy, routing, configuration, and logs. AFA collects data via analysis or monitoring processes, at configurable intervals.
Add / Remove Layer 2 Devices: Watch to learn how to manage Layer 2 devices in AFA.
AFA communication protocols
AFA uses encrypted SSH, SOAP, REST or OPSEC communication to access the devices, depending on the available API for the device.
AFA encrypts any stored passwords using the advanced and highly-secure 256 bit AES encryption method (Advanced Encryption Standard).
Once the credentials used to access the device are entered and encrypted in AFA, system administrators can collect device data continuously, without compromising security or having to enter a password each time.
Device procedure reference
For details about adding devices to AFA, see the following:
| Generic procedures | |
| Device-specific procedures |
Device icons
Once added to AFA, each device type is shown in the device tree and across the AFA interface using an icon that represents the device's brand or function.
|
Icon |
Description |
|---|---|
|
Arista EOS |
|
|
Cisco ASA, ACE, IOS Router, or Nexus Router device or security context |
|
Cisco ACI VRFs and other elements in the Cicso ACI fabric |
|
|
Check Point Multi-Domain Security Management (MDSM), Security Management (SmartCenter), or CMA device |
|
|
Juniper NetScreen, NSM, SRX, Space, M/E Router, Juniper (non-M/E) router, or Juniper Secure Access (SSL VPN) device |
|
|
Fortinet FortiGate or FortiManager device |
|
|
Symantec Blue Coat device |
|
|
Linux netfilter - iptables device |
|
|
Microsoft Azure device |
|
|
Palo Alto Networks Firewall or Panorama device |
|
|
F5 BIG-IP |
|
|
Forcepoint (McAfee) Security Management Center (formerly known as StoneGate) or Sidewinder device Note: Supported only if the device had been added in an ASMS version earlier than A30.00. For details, see Deprecated devices. |
|
|
Topsec Firewall device |
|
|
WatchGuard device |
|
|
Hillstone Networks device Note: Supported only if the device had been added in an ASMS version earlier than A30.00. For details, see Deprecated devices. |
|
|
VMware NSX-T and NSX-V device |
|
Cisco Meraki |
|
|
Amazon Web Services (AWS) |
|
|
Avaya - Routing Switch |
|
|
Brocade VDX device |
|
|
H3C device |
|
|
SECUI MF2 device |
|
|
Routing Element |
|
|
Device configuration file |
|
User-defined icons |
For details, see Extend device support. |
Deprecated devices
Support for the Forcepoint brands (Sidewinder, StoneGate) and Hillstone was deprecated in ASMS version A30.00.
If you had defined these devices in an earlier version of ASMS, these devices are still available to you, with all the existing capabilities, but you cannot add new ones after upgrading.
We recommend backing up device data before or after upgrading and then removing these devices from AFA. Make sure to download any report zip files for the device before deleting.
For more details, see
Additionally, all references to Cisco ASA devices also refer to legacy PIX and FWSM devices. To add a new ASA device to your ASMS system, select ASA options.
Yes 
No 
