Read-only NetBox connector that surfaces IPAM and DCIM context in every firewall change review. Prefix, VRF, site, tenant, device — right next to the rule diff.
Firewall reviewers evaluate rules without seeing the network they apply to. Is 10.42.0.0/16 DMZ or internal? Is 203.0.113.5 a production gateway or a decommissioned test host? Finding out means leaving the review screen and checking NetBox manually — context that should be inline.
The NetBox integration fixes that. While a reviewer inspects a proposed rule, FwChange queries your NetBox instance in parallel and renders the matching prefix, tenant, site, and nearest device next to each source and destination IP. Every call is read-only. Every response is cached for 5 minutes to protect NetBox from load.
Every source and destination IP in a proposed rule is resolved to its smallest enclosing NetBox prefix, with site, VRF, tenant, and description.
When a FwChange firewall is linked to a NetBox device, the review sidebar shows the device name, serial, rack, site, and a deep link back to NetBox.
The connector uses a read-only NetBox API token. FwChange never creates, updates, or deletes NetBox records. Your source of truth stays yours.
NetBox responses are cached per connector in Redis for 5 minutes. Typical review sessions stay well under default NetBox throttling limits.
If NetBox is unreachable, the sidebar shows an inline error per IP. Rule review is never blocked by IPAM downtime.
Manage multiple NetBox instances per organization. Each connector's credentials are encrypted at rest with AES-256-GCM and scoped to your org.
In your NetBox UI: Admin → API Tokens → Add. Uncheck Write Enabled and set an expiry if your policy requires it. Copy the token.
Navigate to Dashboard → Integrations → IPAM, click Add Connector, enter your NetBox base URL and the token you just created. Toggle Verify SSL off only if you run NetBox with a self-signed certificate.
Click Test. FwChange calls /api/status/ and confirms the NetBox version. On success, the connector moves to ACTIVE.
For any FwChange firewall you want device enrichment on, set its ipamDeviceId field to the NetBox device ID. The review sidebar then shows the device's site, rack, serial, and primary IP.
Open any pending firewall change. The NetBox Context card appears in the right sidebar. Every source and destination IP in the proposed rule is resolved to its NetBox prefix inline with the diff.
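Smallest-enclosing-prefix resolution, sketched as an added example; this is not FwChange's own code. The record shape is simplified from NetBox prefix objects, and the sample data, the function names and the choice to scope the match to a single VRF are assumptions made for illustration.

```python
import ipaddress

# Constructed sample records, simplified from the shape of NetBox prefix
# objects (/api/ipam/prefixes/); sites, tenants and descriptions are made up.
SAMPLE_PREFIXES = [
    {"prefix": "10.0.0.0/8", "vrf": None, "site": None, "tenant": "corp", "description": "RFC 1918 supernet"},
    {"prefix": "10.42.0.0/16", "vrf": None, "site": "fra1", "tenant": "corp", "description": "Internal servers"},
    {"prefix": "10.42.8.0/24", "vrf": None, "site": "fra1", "tenant": "corp", "description": "DMZ web tier"},
    {"prefix": "10.42.8.0/22", "vrf": "lab", "site": "lab1", "tenant": "eng", "description": "Lab overlap"},
    {"prefix": "2001:db8:42::/48", "vrf": None, "site": "fra1", "tenant": "corp", "description": "v6 servers"},
]

def smallest_enclosing(ip, prefixes, vrf=None):
    """Return the most specific prefix record containing ip within one VRF, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for rec in prefixes:
        if rec["vrf"] != vrf:
            continue  # overlapping space in another VRF is a different network
        net = ipaddress.ip_network(rec["prefix"], strict=False)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, rec)  # longer mask means a smaller enclosing prefix
    return best[1] if best else None

def enrich_rule(rule, prefixes, vrf=None):
    """Map each source/destination IP of a proposed rule to a context line."""
    out = {}
    for ip in rule["sources"] + rule["destinations"]:
        rec = smallest_enclosing(ip, prefixes, vrf)
        out[ip] = (f'{rec["prefix"]} site={rec["site"]} tenant={rec["tenant"]} ({rec["description"]})'
                   if rec else "no matching prefix")
    return out

if __name__ == "__main__":
    # Constructed rule using the addresses from the text above.
    rule = {"sources": ["203.0.113.5"],
            "destinations": ["10.42.8.17", "10.42.9.1", "2001:db8:42::10"]}
    for ip, ctx in enrich_rule(rule, SAMPLE_PREFIXES).items():
        print(f"{ip:>18}  {ctx}")
```

The same address resolves to a different prefix once the lookup is scoped to the `lab` VRF, which is why the VRF belongs next to the prefix in the review context.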
No. The integration is read-only. FwChange reads devices and prefixes from NetBox using a read-only API token. It never creates, updates, or deletes NetBox records.
NetBox 3.7 and later. The integration uses standard REST endpoints (/api/status/, /api/dcim/devices/, /api/ipam/prefixes/) that have been stable since 3.x.
Every NetBox response is cached in Redis for 5 minutes per connector. Typical review sessions generate fewer than 20 requests per hour per reviewer, well below NetBox's default throttling.
Yes. Each connector has a Verify SSL toggle. Leave it on for NetBox Cloud or any instance with a trusted certificate. Disable it only for internal instances using self-signed certificates.
Nothing persistently. NetBox responses live in Redis cache for 5 minutes and are then discarded. The only data kept in PostgreSQL is the connector configuration (base URL and encrypted API token) and an optional ipamDeviceId per firewall.
Free 14-day trial. No credit card. Configure the NetBox connector in under 5 minutes.