Add Firewall - Firewall Analyzer


    Add firewall devices in Firewall Analyzer to fetch syslogs

    You can forward Syslog from firewall devices to Firewall Analyzer. Based on the device details you provide, Firewall Analyzer shows the commands that have to be executed on the device. Execute those commands on the device to make it forward Syslog to Firewall Analyzer.

    Forward Syslog from Device

    Firewall Analyzer listens on a UDP syslog port (default 1514) to receive syslogs, so every firewall must be configured to forward its syslogs to that port. This configuration is made on the firewall device itself, and you can push it to the firewall from Firewall Analyzer via the Settings > Discovery > Add Firewall page. Because syslog over UDP is neither authenticated nor encrypted, make sure the path from the firewall to Firewall Analyzer is a trusted network and that UDP port 1514 is allowed between the two hosts.

    Add firewall device as per the procedure given below:

    1. Enter the host name or IP address of the firewall in the Host Name/IP Address field.
    2. Click the Ping button to check that the firewall is reachable from Firewall Analyzer.
    3. Select the firewall vendor in the Vendor Name drop-down list. The listed vendors are Cisco ASA, Juniper SRX, FortiGate, Cisco PIX, SonicWALL, and Others. If your firewall is not one of the listed vendors, choose Others. Check the list of supported firewalls before choosing Others.
    4. Select the protocol, either Telnet or SSH. Prefer SSH: Telnet sends the login and enable credentials in clear text.
    5. If you selected Cisco ASA or Cisco PIX as the vendor, enter the login credentials: Login Name, Password, Prompt, Enable Prompt, Enable UserName, Enable Password, and Enable Command.
    6. If you selected Juniper SRX, FortiGate, SonicWALL, or Others as the vendor, enter the login credentials: Login Name, Password, and Prompt.
    7. Click the Show Command button.
    8. The Command window opens. It contains the commands to be executed on the firewall.
    9. Edit the commands if required, so that the firewall exports syslog to Firewall Analyzer.
    10. Click the Execute Configlet button.

    The firewall device is now configured to forward logs to the UDP syslog port of Firewall Analyzer.

    Note: Review the commands in the Command window before executing them. They run on the firewall with the privileges of the credentials you entered (enable mode on Cisco devices), so a wrong line changes the device's running configuration. After execution, confirm on the Firewall Analyzer side that syslogs from the device are arriving.
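    The following is an added example, not Firewall Analyzer's own code or the template behind its Command window. It shows what the syslog-export configlet for three of the listed vendors looks like when the collector is 10.0.0.5 on UDP 1514, and a way to check the UDP path before trusting that logs are flowing. The vendor CLI syntax is reproduced from memory and is an assumption to be compared against the Command window and the vendor documentation; the collector address, the interface name "inside" and the helper names are illustrative. The loopback check stands in for the collector with a throwaway listener so the script runs offline.

```python
"""Added example (not Firewall Analyzer's own code): build the syslog-export
configlet for a listed vendor and verify the UDP syslog path to the collector."""
import ipaddress
import socket
import time

COLLECTOR_PORT = 1514  # Firewall Analyzer's default UDP syslog port


def build_configlet(vendor, collector_ip, port=COLLECTOR_PORT, iface="inside"):
    """Return the CLI lines that make the firewall forward syslog to the collector.
    The syntax is the editor's recollection of each vendor's CLI (an assumption);
    compare it with the Command window before executing. Input is validated so a
    typo in the collector address cannot end up in the firewall configuration."""
    ip = str(ipaddress.ip_address(collector_ip))  # raises ValueError on junk input
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    if vendor == "Cisco ASA":
        return [
            "configure terminal",
            "logging enable",
            "logging timestamp",
            "logging trap informational",          # severity 6 and above
            f"logging host {iface} {ip} udp/{port}",  # iface faces the collector
            "write memory",
        ]
    if vendor == "FortiGate":
        return [
            "config log syslogd setting",
            "set status enable",
            f'set server "{ip}"',
            f"set port {port}",
            "end",
        ]
    if vendor == "Juniper SRX":
        return [
            "configure",
            f"set system syslog host {ip} port {port}",
            f"set system syslog host {ip} any any",  # all facilities, all severities
            "commit",
        ]
    raise ValueError(f"no template for vendor {vendor!r}; use the Command window")


def format_syslog(hostname, message, facility=16, severity=6):
    """Build an RFC 3164 line: <PRI>TIMESTAMP HOSTNAME MSG, where PRI is
    facility * 8 + severity (16 = local0, 6 = informational, so PRI 134)."""
    t = time.localtime()
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{facility * 8 + severity}>{stamp} {hostname} {message}".encode()


def send_test_message(collector_ip, port=COLLECTOR_PORT,
                      message="Firewall Analyzer syslog path test"):
    """Fire one test message at the collector over UDP and return the bytes sent.
    UDP gives no acknowledgement, so confirm receipt on the Firewall Analyzer side."""
    payload = format_syslog(socket.gethostname(), message)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (collector_ip, port))
    return payload


def loopback_roundtrip():
    """Offline self-check: a throwaway listener on 127.0.0.1 with an ephemeral port
    (so it never collides with a running Firewall Analyzer) stands in for the
    collector; send the test message to it and return what it received."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.settimeout(2)
        _, port = listener.getsockname()
        sent = send_test_message("127.0.0.1", port)
        data, _ = listener.recvfrom(2048)
    if data != sent:
        raise RuntimeError("received message differs from the one sent")
    return data.decode()


if __name__ == "__main__":
    for vendor in ("Cisco ASA", "FortiGate", "Juniper SRX"):
        print(f"# {vendor}")
        print("\n".join(build_configlet(vendor, "10.0.0.5")))
    print(loopback_roundtrip())
```

    To test the real path, run send_test_message("<Firewall Analyzer IP>") from a host on the firewall's side of the network and look for the message in Firewall Analyzer; a message that the loopback check delivers but the collector never sees points at a filter between the two hosts rather than at the configlet.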