Fortinet white logo
Fortinet white logo

External Systems Configuration Guide

Dell SonicWALL Firewall

Dell SonicWALL Firewall

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP

Host name, Hardware model, Network interfaces, Operating system version

CPU Utilization, Memory utilization and Firewall Session Count

Availability and Performance Monitoring

Syslog

Device type

All traffic and system logs

Availability, Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "sonicwall" to see the event types associated with Dell SonicWALL firewalls.

Rules

There are no predefined rules for Dell SonicWALL firewalls.

Reports

There are no predefined reports for Dell SonicWALL firewalls.

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Syslog
  1. Log in to your SonicWALL appliance.
  2. Go to Log > Syslog.
    Keep the default settings.
  3. Under Syslog Servers, click Add.
    The Syslog Settings wizard will open.
  4. Enter the IP Address of your FortiSIEM Supervisor or Collector.
    Keep the default Port setting of 514.
  5. Click OK.
  6. Go to Firewall > Access Rules.
  7. Select the rule that you want to use for logging, and then click Edit.
  8. In the General tab, select Enable Logging, and then click OK.
    Repeat for each rule that you want to enable for sending syslog to FortiSIEM.

Your Dell SonicWALL firewall should now send syslog to FortiSIEM.

Example Syslog

Jan  3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:06" fw=1.1.1.1 pri=6 c=262144 m=98
msg="Connection Opened" n=23419 src=2.2.2.2:36701:WAN dst=1.1.1.1:50000:WAN proto=tcp/50000

Settings for Access Credentials

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to access your device over SNMP. Set the Name and Community String.

Setting Value
Name <set name>
Device Type Generic
Access Protocol SNMP
Community String <your own>

Dell SonicWALL Firewall

Dell SonicWALL Firewall

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP

Host name, Hardware model, Network interfaces, Operating system version

CPU Utilization, Memory utilization and Firewall Session Count

Availability and Performance Monitoring

Syslog

Device type

All traffic and system logs

Availability, Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "sonicwall" to see the event types associated with Dell SonicWALL firewalls.

Rules

There are no predefined rules for Dell SonicWALL firewalls.

Reports

There are no predefined reports for Dell SonicWALL firewalls.

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Syslog
  1. Log in to your SonicWALL appliance.
  2. Go to Log > Syslog.
    Keep the default settings.
  3. Under Syslog Servers, click Add.
    The Syslog Settings wizard will open.
  4. Enter the IP Address of your FortiSIEM Supervisor or Collector.
    Keep the default Port setting of 514.
  5. Click OK.
  6. Go to Firewall > Access Rules.
  7. Select the rule that you want to use for logging, and then click Edit.
  8. In the General tab, select Enable Logging, and then click OK.
    Repeat for each rule that you want to enable for sending syslog to FortiSIEM.

Your Dell SonicWALL firewall should now send syslog to FortiSIEM.

Example Syslog

Jan  3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:06" fw=1.1.1.1 pri=6 c=262144 m=98
msg="Connection Opened" n=23419 src=2.2.2.2:36701:WAN dst=1.1.1.1:50000:WAN proto=tcp/50000

Settings for Access Credentials

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to access your device over SNMP. Set the Name and Community String.

Setting Value
Name <set name>
Device Type Generic
Access Protocol SNMP
Community String <your own>