WatchGuard And ManageEngine Firewall Analyzer Integration Guide


Integration Guide
ManageEngine Firewall Analyzer
Revised: 27 April 2016

About This Guide

Guide Type

Documented Integration — WatchGuard or a Technology Partner has provided documentation demonstrating integration.

Guide Details

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

ManageEngine Firewall Analyzer Integration Overview

ManageEngine Firewall Analyzer is agentless log analytics and configuration management software that helps network administrators centrally collect, archive, and analyze their security device log messages, and generate forensic reports from the data. This document describes the steps to integrate ManageEngine Firewall Analyzer with your WatchGuard Firebox.

Platform and Software

The hardware and software used to complete the steps outlined in this document include:

- Firebox or WatchGuard XTM device installed with Fireware v11.10.x.
- Firewall Analyzer 12.0 installed in a Windows Server 2012 Standard Edition environment.

Test Topology

To complete this integration, you must first deploy Firewall Analyzer. To set up Firewall Analyzer, refer to the Firewall Analyzer Installation Guide. In this document, we describe how to listen for, receive, and index Firebox syslog data on Firewall Analyzer, and show how it works.

Set Up Firebox to Send Syslog to Firewall Analyzer

To set up your Firebox to send syslog messages to Firewall Analyzer, you can use Policy Manager or Fireware Web UI. In this example, we use Web UI.

1. Navigate to System > Logging > Syslog Server.
2. Enable the Send log messages to the syslog server at this IP address check box.
3. In the IP Address text box, type the IP address of the Firewall Analyzer.
4. In the Port text box, type the port defined on Firewall Analyzer for receiving syslog. Firewall Analyzer uses UDP ports 514 and 1514 as its default listener ports.
5. From the Log Format drop-down list, select Syslog.
6. Other items are optional.
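A quick way to confirm that the Firebox's syslog datagrams actually reach the Firewall Analyzer host is to capture them briefly and tally them by sender and severity; the following is an added example, not part of the WatchGuard guide. The function names, the 192.0.2.1 Firebox address and the sample messages are assumptions constructed for illustration, and capture() needs the chosen UDP port to be free (for example, while the Firewall Analyzer service is stopped).

```python
import re
import socket
from collections import Counter

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(datagram):
    """Return (facility, severity_name) from the leading <PRI>, or None if invalid."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    pri = int(m.group(1))
    return pri // 8, SEVERITIES[pri % 8]

def classify(datagrams, firebox_ip):
    """Tally datagrams by sender; UDP syslog has no sender authentication."""
    report = {"from_firebox": Counter(), "other_sources": Counter(), "malformed": 0}
    for src, payload in datagrams:
        parsed = parse_pri(payload)
        if parsed is None:
            report["malformed"] += 1
        elif src == firebox_ip:
            report["from_firebox"][parsed[1]] += 1
        else:
            report["other_sources"][src] += 1
    return report

def capture(port, max_datagrams=200, idle_seconds=10.0):
    """Collect (source_ip, payload) pairs from a UDP port until idle or full."""
    got = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        s.settimeout(idle_seconds)
        try:
            while len(got) < max_datagrams:
                payload, (src, _port) = s.recvfrom(8192)
                got.append((src, payload))
        except socket.timeout:
            pass
    return got

SAMPLE = [  # constructed datagrams with documentation addresses, not Firebox output
    ("192.0.2.1", b"<140>Apr 27 10:00:00 fw-sample constructed message one"),
    ("192.0.2.1", b"<142>Apr 27 10:00:01 fw-sample constructed message two"),
    ("198.51.100.7", b"<14>Apr 27 10:00:02 other-host constructed message"),
]

if __name__ == "__main__":
    print(classify(SAMPLE, "192.0.2.1"))
```

For a live check, pass the result of capture(1514) to classify() with the Firebox's real address; any entry under other_sources is a host other than the Firebox sending to the listener port.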

Set Up Firewall Analyzer

From the Firewall Analyzer setup wizard you can configure the port used by the web server. By default, port 80 is configured.

Test the Integration

7. Log in to Firewall Analyzer.
8. From the computer on which Firewall Analyzer is installed, open a browser and type http://localhost:xxxx where “xxxx” is the web server port that you configured in the Firewall Analyzer setup wizard.
9. Select Dashboard > Overview > Device list to view the Device List page.
10. Select Dashboard > Overview > Firewall Traffic Statistics to view the Firewall Traffic Statistics page.
11. Select Dashboard > Overview > Firewall Security Statistics to see the Firewall Security Statistics page.

12. Select Dashboard > Overview > Top N Hosts by Traffic to view the Top N Hosts by Traffic page.

Live Traffic

Other tables within Firewall Analyzer show valuable information when related data is received, including the Live Traffic page.

Inventory

The Inventory page provides active device information. To view the Inventory page, in the left navigation panel, click Inventory.

Reports

Firewall Analyzer also provides several reports.

13. To view the reports, in the left navigation pane, click Reports.
14. From the drop-down list, select the report you want to review.

Report Examples

Figure 1: Traffic Reports - Top Hosts
Figure 2: Traffic Report - Top Hosts (Sent Received)
