ManageEngine™ Firewall Analyzer is an agentless log analytics and configuration management software that helps network administrators to centrally collect, archive, analyze their security device log messages, and generate forensic reports from the data. This document describes the steps to integrate ManageEngine Firewall Analyzer with your WatchGuard Firebox®.
To complete this integration, you must first deploy Firewall Analyzer.
Platform and Software
The hardware and software used to complete the steps outlined in this document include:
- Firebox or WatchGuard device installed with Fireware® v12.3
- Firewall Analyzer 12.3.237 installed in Windows 10 Pro
This diagram shows the test topology for this integration.
To set up Firewall Analyzer, refer to the Firewall Analyzer Installation Guide. In this document, we describe how to listen, receive, and index Firebox syslog data on Firewall Analyzer and show how it works.
Set Up Firebox to Send Syslog to Firewall Analyzer
To set up your Firebox to send syslog messages to Fireware Analyzer, you can use Policy Manager or Fireware Web UI. In this example, we use Web UI.
- Navigate to System > Logging > Syslog Server.
- Select the Send log messages to the syslog server at this IP address check box.
- In the IP Address text box, type the IP address of the Firewall Analyzer.
- In the Port text box, type the port used for receiving syslog defined on Firewall Analyzer. Firewall Analyzer uses UDP port 1514 as default listener ports.
- From the Log Format drop-down list, select Syslog.
- Other items are optional.
Set Up Firewall Analyzer
From the Firewall Analyzer setup wizard you can configure the port used by the web server. By default, port 8060 is configured.
Test the Integration
- Log in to Firewall Analyzer.
- Make sure your Firebox is sending log messages to Firewall Analyzer. Then, from the computer on which Firewall Analyzer is installed, open a browser and type http://localhost:xxxx where “xxxx” is the web server port that you configured in the Firewall Analyzer setup wizard.
- Select Dashboard > Overview > Firewall Summary to view Firewall information.
- Select Inventory to view active device information.
- Select Report > Firewall Report to view the report.