Fortinet black logo

External Systems Configuration Guide

WatchGuard Firebox

WatchGuard Firebox Firewall

SNMP and syslog are supported. Syslog is used for security and compliance purposes.

Integration Points

Protocol Information Discovered Used For
SNMP Performance metrics – CPU, Memory, Uptime, Interface Usage statistics, Connection rate and Policy Statistics Performance and Availability Monitoring

Configuring Watchguard Firebox for SNMP Access

  1. Logon to Watchguard Firebox Management Console.
  2. Follow Watchguard Firebox documentation to allow inbound SNMP access (default UDP port 161) to appropriate FortiSIEM node that will communicate to Firebox node.
  3. Note the SNMP credentials. FortiSIEM supports versions 1, 2 and 3.

Configuring FortiSIEM

Use the account in previous step to enable FortiSIEM access:

Define WatchGuard Firebox Firewall Credential in FortiSIEM

Complete these steps in the FortiSIEM UI by first logging in to the FortiSIEM Supervisor node.

  1. Go to the ADMIN > Setup > Credentials tab.
  2. In Step 1: Enter Credentials:
    1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
    2. Enter these settings in the Access Method Definition dialog box and click Save:
    1. Settings Description
      Name Enter a name for the credential
      Device Type Generic
      Access Protocol "SNMP" or "SNMP v3"
      Port Choose the SNMP port (default 161)
      Password config Manual or CyberArk. See Password Configuration.

      Community String

      If "SNMP" was selected for Access Protocol, enter the community string.

      Security Level/Security Name/Auth Protocol/Auth Password/Priv Protocol/Priv Password/Context

      If "SNMP v3" was selected for Access Protocol, enter the detailed SNMP V3 security configuration and credentials.

      Description Description of the device.
  • Create IP Range to Credential Association, Test Connectivity, and Monitor Performance

    From the FortiSIEM Supervisor node, take the following steps (In ADMIN > Setup > Credentials).

    1. In Step 2: Enter IP Range to Credential Associations, click New to create a mapping.
      1. Enter the IP or IP Range containing the Firebox firewall in the IP/Host Name field. Allowed formats are comma separated IP, IP Range formatted as IP1-IP2 or IP range in CIDR notation.
      2. Select the name of the credential created in step 2 of Define WatchGuard Firebox Firewall Credential in FortiSIEM from the Credentials drop-down list.
      3. Click Save.
    2. Select the entry just created and click the Test drop-down list and select Test Connectivity without Ping. A pop up will appear and show the Test Connectivity results. If it succeeds, your credentials are correct.
    3. Go to ADMIN > Setup > Discovery.
    4. Click New and create a discovery entry containing the IP Address of the Firebox firewall.
    5. Click Save.
    6. With the entry selected, click Discover. Ensure that the device is discovered.
    7. When successful, an entry will be created in ADMIN > Setup > Monitor Performance corresponding to this firewall. FortiSIEM will start to pull SNMP metrics from this firewall.

    WatchGuard Firebox Firewall

    SNMP and syslog are supported. Syslog is used for security and compliance purposes.

    Integration Points

    Protocol Information Discovered Used For
    SNMP Performance metrics – CPU, Memory, Uptime, Interface Usage statistics, Connection rate and Policy Statistics Performance and Availability Monitoring

    Configuring Watchguard Firebox for SNMP Access

    1. Logon to Watchguard Firebox Management Console.
    2. Follow Watchguard Firebox documentation to allow inbound SNMP access (default UDP port 161) to appropriate FortiSIEM node that will communicate to Firebox node.
    3. Note the SNMP credentials. FortiSIEM supports versions 1, 2 and 3.

    Configuring FortiSIEM

    Use the account in previous step to enable FortiSIEM access:

    Define WatchGuard Firebox Firewall Credential in FortiSIEM

    Complete these steps in the FortiSIEM UI by first logging in to the FortiSIEM Supervisor node.

    1. Go to the ADMIN > Setup > Credentials tab.
    2. In Step 1: Enter Credentials:
      1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
      2. Enter these settings in the Access Method Definition dialog box and click Save:
    1. Settings Description
      Name Enter a name for the credential
      Device Type Generic
      Access Protocol "SNMP" or "SNMP v3"
      Port Choose the SNMP port (default 161)
      Password config Manual or CyberArk. See Password Configuration.

      Community String

      If "SNMP" was selected for Access Protocol, enter the community string.

      Security Level/Security Name/Auth Protocol/Auth Password/Priv Protocol/Priv Password/Context

      If "SNMP v3" was selected for Access Protocol, enter the detailed SNMP V3 security configuration and credentials.

      Description Description of the device.
  • Create IP Range to Credential Association, Test Connectivity, and Monitor Performance

    From the FortiSIEM Supervisor node, take the following steps (In ADMIN > Setup > Credentials).

    1. In Step 2: Enter IP Range to Credential Associations, click New to create a mapping.
      1. Enter the IP or IP Range containing the Firebox firewall in the IP/Host Name field. Allowed formats are comma separated IP, IP Range formatted as IP1-IP2 or IP range in CIDR notation.
      2. Select the name of the credential created in step 2 of Define WatchGuard Firebox Firewall Credential in FortiSIEM from the Credentials drop-down list.
      3. Click Save.
    2. Select the entry just created and click the Test drop-down list and select Test Connectivity without Ping. A pop up will appear and show the Test Connectivity results. If it succeeds, your credentials are correct.
    3. Go to ADMIN > Setup > Discovery.
    4. Click New and create a discovery entry containing the IP Address of the Firebox firewall.
    5. Click Save.
    6. With the entry selected, click Discover. Ensure that the device is discovered.
    7. When successful, an entry will be created in ADMIN > Setup > Monitor Performance corresponding to this firewall. FortiSIEM will start to pull SNMP metrics from this firewall.