Configuring WatchGuard Firebox

Firewall Analyzer supports both WELF and native log formats of WatchGuard Firebox Models v 5.x, 6,x, 7.x, 8.x, 10.x, 11, Firebox X series, x550e, x10e, x1000, x750e

Note For 8.x version, the XML log file format can be imported by Firewall Analyzer.

 

 

Virus reports are supported only for WatchGuard v10.x


For analysing native logs, the configuration is straight forward, you just need to forward the native logs from WatchGuard to the syslog listener ports of Firewall Analyzer.

Note By default, WatchGuard Firewall logs do not contain the bytes nformation. It just has the size of the packet and header. So one needs to do the following to enable them,
  • For version 7.3 , you need to go into General Setting area of your proxy and select the check box Send log message with summary of each transaction.
  • For version 7.2.1, you need to select the check box Log accounting/auditing information in your proxy service.
  • For version 8.x , you need to select the check box Send a log message with summary information for each transaction in your proxy service.
  • For version 10.X,
    • For External and VPN interface based logging:
      • Open Policy Manager.
      • Select the Setup > Logging > Performance Statistics menu, enable check box and save configuration.
    • For proxy level tracking:
      • Edit the proxy action and select the check box Turn on logging for reports for each desired proxy and save configuration

Device configuration for Firebox X1250e, XTM 11 series

 

Bytes Information for Watch Guard:

Please follow the steps and configure the same in the Watchguard device to resolve the issue.

  • Ensure that your Watch Guard policies are created with Proxy Action and then follow the steps
  • Action > Proxies and add the new policy as per your requirement

Please follow the Steps to enable bytes information in the logs:

For External and VPN interface based logging:

Setup > Logging > Performance Statistics. Enable check box and save configuration.

For proxy level tracking, edit the proxy action and select 'Turn on logging for reports' for each desired proxy and save configuration.

 

Please refer the link of the forum post reply for your reference.

http://www.watchguard.com/forum/default.asp?action=9&boardid=2&read=19115&fid=43

 

Please refer WatchGuard website/WatchGuard forums for detailed information.

You can also configure WatchGuard to export the logs in WebTrends Enhanced Log File (WELF) format, refer WatchGuard documentation for configuring WELF format in WatchGuard Firewalls. Once the log has been exported to WELF format, login to Firewall Analyzer UI and click Settings > Imported Log Files >Import Log File option to load the file.

Copyright © 2011, ZOHO Corp. All Rights Reserved.
ManageEngine