CSV import file format

This topic lists the headers and values supported for CSV files used to import or update device data in AFA.

Note: Header values are case sensitive. Using header values with different cases from those listed below will cause unexpected results in your file upload.

For more details, see Add/update multiple devices in bulk and the How to Import and Mange Devices in Bulk from a .CSV File AlgoPedia article.

Tip: You can also use a CSV file to assign additional device identifiers for primary/parent devices or device sub-systems, such as VSYS or VDOM. In such cases, you only need to include the name and additional_fw_ips values.

Basic device description headers

Header name	Description
brand	The device brand. For more details, see Supported device brand values. Required for all devices except for the following: Cisco IOS Cisco ASA/PIX/FWSM Juniper Netscreen Specify these brand types in the Bulk Add/Update Device dialog instead.
name	The device ID (tree name). Required for all device types. This is an internal name, usually the name displayed in the tree, without non-alphanumeric characters or spaces. If you're specifying a sub-system, this is the name of the sub-system.
display_name	The name as it appears in the device tree, including spaces and other special or numeric characters. Optional for all devices Default: If this column is missing or empty, the device is added using the device's host name.

Header name

Description

brand

The device brand. For more details, see Supported device brand values.

Required for all devices except for the following:

Cisco IOS
Cisco ASA/PIX/FWSM
Juniper Netscreen

Specify these brand types in the Bulk Add/Update Device dialog instead.

name

The device ID (tree name).

Required for all device types.

This is an internal name, usually the name displayed in the tree, without non-alphanumeric characters or spaces.

If you're specifying a sub-system, this is the name of the sub-system.

display_name

The name as it appears in the device tree, including spaces and other special or numeric characters.

Optional for all devices

Default: If this column is missing or empty, the device is added using the device's host name.

Supported device brand values

Enter the following values to indicate device brands:

Analysis and monitoring devices	asa. Cisco ASA bluecoat. Symantec Blue Coat f5bigip f5bigip_afm. F5 BIG-IP LTM and AFM f5bigip_full. F5 BIG-IP LTM Only fortigate. Fortinet Fortigate fwsm (Cisco FWSM) ios. Cisco IOS junos. Juniper SRX junosmxrouter. Juniper M/E Routers nexus. Cisco Nexus nsc. Juniper Netscreen nsx. VMware NSX paloalto. Palo Alto Networks firewall
Monitoring-only devices	ace. Cisco ACE avaya. Avaya Routing Switch brocade. Brocade VDX junipersa. Juniper Secure Access (SSL VPN) junosrouter. Juniper Routers (non-M/E) netfilter. Linux netfilter iptables sonicwall. SonicWall topsec. Topsec Firewall watchguard. WatchGuard

Access information headers

Header name	Description
host_name	The device host name or IP address. Required for all device types.
user_name	The username used to access the device. Required for all device types.
passwd	The password used to access the device. Required for all device types unless CyberArk authentication is used. Note: For Cisco IOS or ASA devices enabled for CyberArk, the Password and Enable User Password must be the same.
enable_user_name	The enable user name. Relevant and required only for Cisco ISO devices.
epasswd	The enable password. Relevant and required only for the following devices, unless CyberArk authentication is used on these devices: Cisco IOS Cisco ASA Symantec Blue Coat For more details, see CyberArk-related headers. Note: For Cisco IOS or ASA devices enabled for CyberArk, the Password and Enable User Password must be the same.

Cisco-related headers

Header name	Description
rules_view	Determines how rules are displayed in device reports, as one of the following: ASDM. (Default) Display rules in the Cisco Adaptive Security Device Manager (ASDM) graphical interface. CLI. Display rules in command line format. Relevant for Cisco ASA devices only.

Header name

Description

rules_view

Determines how rules are displayed in device reports, as one of the following:

ASDM. (Default) Display rules in the Cisco Adaptive Security Device Manager (ASDM) graphical interface.
CLI. Display rules in command line format.

Relevant for Cisco ASA devices only.

CyberArk-related headers

Header name	Description
use_cyberark	Determines whether to use CyberArk authentication: yes no Required for CyberArk devices.
cyberark_platform	Defines the CyberArk platform name. Required for CyberArk devices.
cyberark_safe	Defines the CyberArk safe. Required for CyberArk devices.
cyberark_folder	Defines the CyberArk folder. Required for CyberArk devices.
cyberark_object	Defines the CyberArk object. Required for CyberArk devices.
cyberark_enable_platform	Defines the CyberArk platform for the enable password. Optional, and relevant only for CyberArk devices.
cyberark_enable_safe	Defines the CyberArk safe for the enable password. Optional, and relevant only for CyberArk devices.
cyberark_enable_folder	Defines the CyberArk folder for the enable password. Optional, and relevant only for CyberArk devices.
cyberark_enable_object	Defines the CyberArk object for the enable password. Optional, and relevant only for CyberArk devices.

Advanced headers

Header name	Description
separate_vrfs	Determines whether to split the device into VRFs: yes (Default) no Relevant only for the following devices: Juniper Netscreen Juniper SRX Cisco IOS Cisco Nexus
full_analysis	Determines whether to include risk analysis and policy optimization details in the device reports: yes (Default) no Relevant for Cisco IOS and Cisco Nexus devices only.

Header name

Description

separate_vrfs

Determines whether to split the device into VRFs:

yes (Default)
no

Relevant only for the following devices:

Juniper Netscreen
Juniper SRX
Cisco IOS
Cisco Nexus

full_analysis

Determines whether to include risk analysis and policy optimization details in the device reports:

yes (Default)
no

Relevant for Cisco IOS and Cisco Nexus devices only.

Remote management headers

Header name	Description
con	Determines the connection type as one of the following: SSH SSH (3des). Cisco ASA only SSH (des). Cisco ASA only TELNET. For the following device types: Juniper Cisco Blue Coat Fortigate Palo Alto Linux Netfilter Required for all devices except the following: VMware NSX Cisco ACI These devices connect to AFA via REST.
number_of_allowed_encryption_keys	Determines the permitted number of different RSA keys that AFA can receive from the device's IP address, as follows: 1 2 unlimited (Default) Note: Relevant only when using SSH. This might be required in cases of cluster fail-over, device operating system upgrades, and so on.
ssh_port	Defines the port to use for an SSH connection. Relevant only when using SSH. Defaults: 4118 for WatchGuard devices 22 for all other devices

Header name

Description

con

Determines the connection type as one of the following:

SSH
SSH (3des). Cisco ASA only
SSH (des). Cisco ASA only
TELNET. For the following device types:
- Juniper
- Cisco
- Blue Coat
- Fortigate
- Palo Alto
- Linux Netfilter

Required for all devices except the following:

VMware NSX
Cisco ACI

These devices connect to AFA via REST.

number_of_allowed_encryption_keys

Determines the permitted number of different RSA keys that AFA can receive from the device's IP address, as follows:

1
2
unlimited (Default)

Note: Relevant only when using SSH. This might be required in cases of cluster fail-over, device operating system upgrades, and so on.

ssh_port

Defines the port to use for an SSH connection.

Relevant only when using SSH.

Defaults:

4118 for WatchGuard devices
22 for all other devices

Log and monitoring headers

Note: Assigning syslog identifiers for sub-systems must be done as a part of updating devices in bulk, not as a part of adding devices in bulk. The parent device must already be defined in AFA.

Header name	Description
collect_log	Determines whether AFA collects logs for the device: yes no (Default) Relevant for the following device types: Cisco ASA/FWSM F5 BIG-IP FortiGate, Juniper Netscreen Juniper SRX Palo Alto Note: For Cisco ASA and FWSM devices, set to no to enable logging with only hit-counter data.
log_collection_mode	Determines the method for collecting logs for the device: standard. Enable log collection. extensive. (Default) Enable log collection and the Intelligent Policy Tuner. Relevant when log collection is enabled.
collect_log_from	Determines whether AFA collects logs from the NSM or a syslog-ng server: nsm (Default) syslog Relevant for Juniper Netscreen when log collection is enabled. Note: If traffic logs and audit logs are not on the same server, specify the audit log server using additional headers listed below. In such cases, this value defines a value for the traffic log server.
log_host_name	Defines the host name or IP address of the server/device sending logs to AFA. Relevant when log collection is enabled.
log_user_name	Defines the user name used to connect to the server/device sending logs to AFA. Relevant when log collection is enabled. Note: To collect logs from a remote syslog server using a user other that root, you must configure the server separately. For details, see AFA Syslog messages.
log_passwd	Defines a password for connecting to the server/device sending logs to AFA. Relevant when log collection is enabled.
collect_log_from_adt	Determines whether AFA collects audit logs from the NSM or a syslog-ng server: nsm syslog Relevant for Juniper Netscreen when log collection is enabled. Note: By default, the audit log server is the same as the traffic log server.
log_host_name_adt	Defines the host name or IP address of the server/device sending audit logs to AFA. Relevant for Juniper Netscreen when: Log collection is enabled The audit log server is different from the traffic log server
log_user_name_adt	Defines the user name for connecting to the server/device sending audit logs to AFA. Relevant for Juniper Netscreen when: Log collection is enabled The audit log server is different from the traffic log server
log_passwd_adt	Defines the password for connecting to the server/device sending audit logs to AFA.
log_collection_frequency	Defines how often AFA collects logs for the device, in minutes. Relevant for Juniper Netscreen when: Log collection is enabled The audit log server is different from the traffic log server
additional_fw_ips	Defines any additional IP addresses or host names that identify the device, with colon-separated values. Relevant when log collection is enabled.

Additional headers

Header name	Description
collector	Defines a server to manage the device's data: Central Manager (default) The name of any remote agent Relevant only when AFA is configured for geographic distribution.
baseline_profile	Defines the baseline compliance profile to use when generating reports for the device. Optional for all devices.
root_psw	Defines a password to increase permissions on the device to root user permissions. Relevant only for Linux Netfilter IPTables Tip: Devices usually block the ability to access the device as user root. Enable root access to the device to improve AFA support.
monitoring	Determines whether to enable real-time alerts for configuration changes: yes. Default for real/live devices. no. Default for file devices. Optional for all devices. For more details, see Configure real-time monitoring.
set_user_permissions	Determines whether you can set user permissions for the device: yes (Default) no Optional for all devices.
firewall_users	Defines the users with access to the reports produced for the device. Separate multiple usernames with slashes (/). Relevant when setting user permissions is enabled for the device.

SNPM polling headers

Header name	Description
snmp_version	Determines the SNMP version: snmpv2c snmpv3 Relevant only for the following devices: Symantec Blue Coat Juniper Secure Access (SSL VPN) Linux netfilter iptables SonicWall Topsec WatchGuard SECUI MF2 Avaya Routing Switch Brocade VDX
snmp_community	Defines the SNMP community string. Required and relevant only when using SNMPv2c.
snmp_username	Defines the SNMP Security Name (username). Required and relevant only when using SNMPv2c.
snmp_auth_password	Defines the authentication password. Required and relevant only when: Using SNMPv2c The authentication protocol is specified
snmp_auth_protocol	Determines the authentication protocol: md5 sha empty Required and relevant only when using SNMPv2c.
snmp_priv_password	Defines the authentication password. Required and relevant only when: Using SNMPv2c The privacy protocol is specified
snmp_priv_protocol	Determines the privacy protocol: des aes empty Required and relevant only when using SNMPv2c.

CSV import file format

Basic device description headers

Access information headers

Cisco-related headers

CyberArk-related headers

Advanced headers

Remote management headers

Log and monitoring headers

Additional headers

SNPM polling headers

Sorry about that

Want to tell us more?

Great!