Collect Firewall metadata with Lumu VA and WatchGuard
Requirements
- Admin access to configure a syslog server on WatchGuard.
- The most recent version of the Lumu Virtual Appliance installed.
These are the general steps you should follow to configure a syslog server on a WatchGuard Firewall to send all metadata to Lumu:
Deploy and Set Up Lumu VA
All the detailed steps and guidance to create, download, and install a virtual appliance on your preferred hypervisor or Cloud solution are available in our documentation:
- Deploy Virtual Appliances
- Configure Virtual Appliances and set up collector
Set up a Lumu VA Firewall Log Collector
Go to the Lumu Virtual Appliance and refresh the VA Collectors settings by running the following command:
    lumu-appliance collectors refresh
If the appliance is running, it should be stopped before setting up collectors.
Select the option that refers to WatchGuard Firewall and the format that suits you best, then provide the following data:
- Protocol type: you can select between TCP and UDP according to your infrastructure and your WatchGuard's settings.
- Port number: provide a number between 1024 and 65535, inclusive.
- Timezone: the timezone for setting up the VA. Use the canonical ID (e.g. America/Chicago). You can use this external article for reference.
Example of screen when setting up a Firewall Collector
Once you have installed and configured a Lumu Virtual Appliance with the respective firewall collector, the next step is to set up WatchGuard to forward firewall metadata to Lumu. You can find all the details about setting up a syslog server on WatchGuard Firebox in their official documentation:
- Configure Syslog Server Settings
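A preflight check for the collector settings described above, as an added example (not Lumu or WatchGuard code): it validates the protocol, port range and timezone ID, then sends one test line to the collector. The VA address 192.0.2.10 and port 5514 are placeholders, and the message is a constructed RFC 3164-style line, not a WatchGuard log, so it only tests that the port is reachable.

```python
import socket
from datetime import datetime
from zoneinfo import ZoneInfo

def validate_collector(protocol, port, timezone):
    """Return a list of problems with the collector settings (empty if none)."""
    problems = []
    if str(protocol).lower() not in ("tcp", "udp"):
        problems.append(f"protocol must be TCP or UDP, got {protocol!r}")
    if isinstance(port, bool) or not isinstance(port, int) or not 1024 <= port <= 65535:
        problems.append(f"port must be an integer from 1024 to 65535, got {port!r}")
    try:
        ZoneInfo(timezone)  # tz database lookup; IDs look like America/Chicago
    except (KeyError, ValueError, OSError, TypeError):
        problems.append(f"timezone is not a known tz database ID: {timezone!r}")
    return problems

def build_test_message(hostname, when):
    """Constructed RFC 3164-style line with PRI 134 (local0.info)."""
    stamp = when.strftime("%b %d %H:%M:%S")
    return f"<134>{stamp} {hostname} va-preflight: test message"

def send_test_message(host, port, protocol, message):
    """Send one newline-terminated line; return the number of bytes sent."""
    data = message.encode("ascii") + b"\n"
    if protocol.lower() == "udp":
        # UDP is fire-and-forget: a successful send does not prove delivery.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            return s.sendto(data, (host, port))
    # TCP: a refused or timed-out connection raises OSError here.
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(data)
    return len(data)

if __name__ == "__main__":
    # Placeholder values; replace with your VA address and collector settings.
    va_host, proto, port, tz = "192.0.2.10", "udp", 5514, "America/Chicago"
    issues = validate_collector(proto, port, tz)
    for issue in issues:
        print("config problem:", issue)
    if not issues:
        line = build_test_message(socket.gethostname(), datetime.now())
        print("bytes sent:", send_test_message(va_host, port, proto, line))
```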