WatchGuard Firebox Firewall
SNMP and syslog are supported. Syslog is used for security and compliance purposes.
Integration Points
Protocol | Information Discovered | Used For |
---|---|---|
SNMP | Performance metrics – CPU, Memory, Uptime, Interface Usage statistics, Connection rate and Policy Statistics | Performance and Availability Monitoring |
Configuring WatchGuard Firebox for SNMP Access
- Log on to the WatchGuard Firebox Management Console.
- Follow the WatchGuard Firebox documentation to allow inbound SNMP access (default UDP port 161) for the appropriate FortiSIEM node that will communicate with the Firebox node.
- Note the SNMP credentials. FortiSIEM supports versions 1, 2 and 3.
Configuring FortiSIEM
Use the account from the previous step to enable FortiSIEM access:
Define WatchGuard Firebox Firewall Credential in FortiSIEM
Complete these steps in the FortiSIEM UI by first logging in to the FortiSIEM Supervisor node.
- Go to the ADMIN > Setup > Credentials tab.
- In Step 1: Enter Credentials:
  - Follow the instructions in “Setting Credentials” in the User's Guide to create a new credential.
  - Enter these settings in the Access Method Definition dialog box and click Save:

Settings | Description |
---|---|
Name | Enter a name for the credential |
Device Type | Generic |
Access Protocol | "SNMP" or "SNMP v3" |
Port | Choose the SNMP port (default 161) |
Password config | Manual or CyberArk. See Password Configuration. |
Community String | If "SNMP" was selected for Access Protocol, enter the community string. |
Security Level/Security Name/Auth Protocol/Auth Password/Priv Protocol/Priv Password/Context | If "SNMP v3" was selected for Access Protocol, enter the detailed SNMP v3 security configuration and credentials. |
Description | Description of the device. |
Create IP Range to Credential Association, Test Connectivity, and Monitor Performance
From the FortiSIEM Supervisor node, take the following steps (in ADMIN > Setup > Credentials).
- In Step 2: Enter IP Range to Credential Associations, click New to create a mapping.
- Enter the IP or IP range containing the Firebox firewall in the IP/Host Name field. Allowed formats are comma-separated IPs, an IP range formatted as IP1-IP2, or an IP range in CIDR notation.
- Select the name of the credential created in step 2 of Define WatchGuard Firebox Firewall Credential in FortiSIEM from the Credentials drop-down list.
- Click Save.
- Select the entry just created, open the Test drop-down list, and select Test Connectivity without Ping. A pop-up will appear showing the Test Connectivity results. If the test succeeds, your credentials are correct.
- Go to ADMIN > Setup > Discovery.
- Click New and create a discovery entry containing the IP Address of the Firebox firewall.
- Click Save.
- With the entry selected, click Discover. Ensure that the device is discovered.
- When successful, an entry will be created in ADMIN > Setup > Monitor Performance corresponding to this firewall. FortiSIEM will start to pull SNMP metrics from this firewall.
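
The IP/Host Name formats allowed in the credential association step can be checked before they are typed into the UI. The following is an added example, not FortiSIEM code: it parses a field value in those three formats, reports whether a given Firebox address is covered, and counts how many addresses the SNMP credential would be associated with. The function names are hypothetical, the sample addresses are constructed, and it assumes IPv4 only, inclusive IP1-IP2 ranges, and strict CIDR (no host bits set); host names are not handled.

```python
import ipaddress


def parse_entry(field):
    """Parse an IP/Host Name value into a list of (first, last) IPv4 spans.

    Accepts comma-separated items, each a single IP, IP1-IP2, or CIDR.
    Raises ValueError on anything else (assumed strict; not FortiSIEM's parser).
    """
    spans = []
    for item in (part.strip() for part in field.split(",")):
        if not item:
            raise ValueError("empty item in list")
        if "/" in item:  # CIDR notation; host bits set is treated as a typo
            net = ipaddress.IPv4Network(item, strict=True)
            spans.append((net[0], net[-1]))
        elif "-" in item:  # IP1-IP2, both ends inclusive
            lo_text, hi_text = item.split("-", 1)
            lo = ipaddress.IPv4Address(lo_text.strip())
            hi = ipaddress.IPv4Address(hi_text.strip())
            if lo > hi:
                raise ValueError(f"range start is above range end: {item}")
            spans.append((lo, hi))
        else:  # single address
            ip = ipaddress.IPv4Address(item)
            spans.append((ip, ip))
    return spans


def covers(field, address):
    """True if the address falls inside any span of the field value."""
    ip = ipaddress.IPv4Address(address)
    return any(lo <= ip <= hi for lo, hi in parse_entry(field))


def address_count(field):
    """Number of addresses the credential is mapped to (overlaps count twice)."""
    return sum(int(hi) - int(lo) + 1 for lo, hi in parse_entry(field))


if __name__ == "__main__":
    # Constructed sample value using documentation address ranges.
    sample = "192.0.2.10, 192.0.2.20-192.0.2.29, 198.51.100.0/28"
    print(covers(sample, "192.0.2.25"), address_count(sample))
```

A large count from `address_count` means the community string or SNMP v3 credential is associated with many more hosts than the firewall itself, so the entry can be narrowed before saving.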