Manage devices
Relevant for: AFA Administrators
AFA manages your network security by collecting data from the devices defined in AFA.
Depending on the device's support and the options you enable, add a device to AFA to enable AFA to automatically obtain the device's policy, routing, configuration, and logs. AFA collects data via analysis or monitoring processes, at configurable intervals.
AFA communication protocols
AFA uses encrypted SSH, SOAP, REST or OPSEC communication to access the devices, depending on the available API for the device.
AFA encrypts any stored passwords using the advanced and highly-secure 256 bit AES encryption method (Advanced Encryption Standard).
Once the credentials used to access the device are entered and encrypted in AFA, system administrators can collect device data continuously, without compromising security or having to enter a password each time.
Device procedure reference
For details about adding devices to AFA, see the following:
Device icons
Once added to AFA, each device type is shown in the device tree and across the AFA interface using an icon that represents the device's brand or function.
Icon |
Description |
---|---|
Arista EOS | |
|
Cisco ASA, ACE, IOS Router, or Nexus Router device or security context |
Cisco ACI VRFs and other elements in the Cicso ACI fabric | |
Cisco Meraki | |
|
Check Point Multi-Domain Security Management (MDSM), Security Management (SmartCenter), or CMA device |
|
Juniper NetScreen, NSM, SRX, Space, M/E Router, Juniper (non-M/E) router, or Juniper Secure Access (SSL VPN) device |
|
Fortinet FortiGate or FortiManager device |
|
|
|
Linux netfilter - iptables device |
|
Microsoft Azure NSG |
Microsoft Azure Firewall |
|
|
Palo Alto Networks Firewall or Panorama device |
Palo Alto Prisma Access | |
|
F5 BIG-IP |
Versa Networks | |
|
Forcepoint (McAfee) Security Management Center (formerly known as StoneGate) or Sidewinder device Note: Supported only if the device had been added in an ASMS version earlier than A30.00. For details, see Deprecated devices. |
|
Topsec Firewall device |
|
Hillstone Networks device Note: Supported only if the device had been added in an ASMS version earlier than A30.00. For details, see Deprecated devices. |
|
VMware NSX-T and NSX-V device |
|
Amazon Web Services (AWS) |
|
Avaya - Routing Switch |
|
Brocade VDX device |
|
H3C device |
|
SECUI MF2 device |
|
Routing Element |
|
Device configuration file |
User-defined icons |
For details, see Extend device support. |
Support for the Forcepoint brands (Sidewinder, StoneGate) and Hillstone was deprecated in ASMS version A30.00. As of A32.20, AlgoSec no longer supports adding new Symantec Blue Coat As of A32.20 AlgoSec will no longer support adding new Symantec Blue Coat devices. Existing deployed Blue Coat devices will still be functional. devices.
If you had defined these devices in an earlier version of ASMS, these devices are still available to you, with all the existing capabilities, but you cannot add new ones.
We recommend backing up device data before or after upgrading and then removing these devices from AFA. Make sure to download any report zip files for the device before deleting.
For more details, see
Additionally, all references to Cisco ASA devices also refer to legacy PIX and FWSM devices. To add a new ASA device to your ASMS system, select ASA options.