search
TD Website

SonicWall

You can configure a **SonicWall® firewall to forward syslog logs to the ThreatDefence Syslog Forwarder for security monitoring.

hashtag
Requirements

  • A deployed and activated ThreatDefence Syslog Forwarder VM

  • Administrator access to the SonicWall firewall

hashtag
Step 1. Configure an Address Object for the ThreatDefence Syslog Forwarder

  1. Sign in to your SonicWall device with administrator permissions.

  2. Navigate to: Object → Match Objects → Addresses → Address Objects

  3. Click Add Address Object and configure:

    • Name — Enter a descriptive name (e.g., TD Syslog Forwarder)

    • Zone Assignment — Select the appropriate zone

    • Type — Select Host

    • IP Address — Enter the IP address of your TD Syslog Forwarder

  4. Click Save.

hashtag
Step 2. Configure Syslog Forwarding

  1. In the SonicWall menu, go to: Device → Log → Syslog

  2. Open the Syslog Servers tab.

  3. Click + Add and configure:

    • Name or IP Address — Select the address object created in Step 1

    • Syslog Format — Select Enhanced

    • Port — Use the appropriate port (as per the Syslog Onboarding Guide)

  4. Click Add.

hashtag
Step 3. Enable Firewall Rule Change Logging

  1. Go to: Device → Log → Settings

  2. Under the Firewall section, click Security Policy

  3. Enable GUI, Alert, Syslog, and Email logging for:

    • Rule Deleted

    • Rule Modified

    • Rule Added

  4. Click Accept

hashtag
Step 4. Enable SSL VPN Logging

  1. Go to: Device → Log → Settings

  2. Under the Users category, click Authentication Access

  3. Ensure Syslog is enabled for all entries

    • Important: Confirm that Successful SSL VPN User Login (ID: 1080) has Syslog enabled

  4. Click Save.

hashtag
Step 5. (Optional) Enable Configuration Auditing

  1. Go to: Device → Log → Settings → Configuration Auditing

  2. For each entry, set the Priority column to Warning for:

    • Configuration Change Succeeded

    • Configuration Change Failed

    • Chassis Settings Change.

hashtag
Step 6. Provide Details to ThreatDefence

Once configuration is complete, provide the following details to ThreatDefence Support at 📧 [email protected]envelope:

  • Firewall make/model and OS version

  • Source IP address and used port number.

PreviousCisco ASANextpfSense

Last updated