ManageEngine Firewall Analyzer Integration Guide

ManageEngine™ Firewall Analyzer is an agentless log analytics and configuration management software product that helps network administrators to centrally collect, archive, analyze security device log messages, and generate forensic reports from the data. This document describes the steps to integrate ManageEngine Firewall Analyzer with your WatchGuard Firebox®.

To complete this integration, you must first deploy Firewall Analyzer.

Platform and Software

The hardware and software used to complete the steps in this document include:

Firebox or WatchGuard device with Fireware version 12.8.1
Firewall Analyzer 12.6.101 installed on Microsoft Windows 10 Pro

Test Topology

This diagram shows the test topology for this integration.

Test Topology

To set up Firewall Analyzer, refer to the Firewall Analyzer Installation Guide. In this document, we describe how to listen, receive, and index Firebox syslog data on Firewall Analyzer and show how it works.

Set Up Firebox to Send Syslog to Firewall Analyzer

To set up your Firebox to send syslog messages to Fireware Analyzer, you can use Policy Manager or Fireware Web UI. In this example, we use Web UI.

Navigate to System > Logging > Syslog Server.
Select the Send Log Messages to the Syslog Server at This IP Address check box.
Click Add.
The Syslog Server dialog box opens.

firebox config

In the IP Address text box, type the IP address of the Firewall Analyzer.
In the Port text box, type the port used to receive syslog, as defined on Firewall Analyzer. Note that Firewall Analyzer uses UDP port 1514 as the default listener port.
From the Log Format drop-down list, select Syslog.
Other items are optional.
Click OK.

firebox config

Click Save.

Set Up Firewall Analyzer

From the Firewall Analyzer setup wizard, you can configure the port used by the web server. By default, the wizard configures port 8060.

Test the Integration

You can view the information of a firewall from Firewall Analyzer.

Log in to Firewall Analyzer.
Make sure that your Firebox is sending log messages to Firewall Analyzer. Then, from the computer that has the Firewall Analyzer installation, open a web browser and, in the address bar, type:
http://localhost:xxxx
Where “xxxx” is the web server port that you configured in the Firewall Analyzer setup wizard.
Select Dashboard > Overview > Firewall Summary to view firewall information.

Firewall Summary

Select Inventory to view active device information.

Inventory

Select Report > Firewall Report to view the report.

report

© 2024 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and other countries. Various other trademarks are held by their respective owners.