SonicWall
You can configure a **SonicWall® firewall to forward syslog logs to the ThreatDefence Syslog Forwarder for security monitoring.
Requirements
A deployed and activated ThreatDefence Syslog Forwarder VM
Administrator access to the SonicWall firewall
Step 1. Configure an Address Object for the ThreatDefence Syslog Forwarder
Sign in to your SonicWall device with administrator permissions.
Navigate to: Object → Match Objects → Addresses → Address Objects
Click Add Address Object and configure:
Name — Enter a descriptive name (e.g., TD Syslog Forwarder)
Zone Assignment — Select the appropriate zone
Type — Select Host
IP Address — Enter the IP address of your TD Syslog Forwarder
Click Save.
Step 2. Configure Syslog Forwarding
In the SonicWall menu, go to: Device → Log → Syslog
Open the Syslog Servers tab.
Click + Add and configure:
Name or IP Address — Select the address object created in Step 1
Syslog Format — Select Enhanced
Port — Use the appropriate port (as per the Syslog Onboarding Guide)
Click Add.
Step 3. Enable Firewall Rule Change Logging
Go to: Device → Log → Settings
Under the Firewall section, click Security Policy
Enable GUI, Alert, Syslog, and Email logging for:
Rule Deleted
Rule Modified
Rule Added
Click Accept
Step 4. Enable SSL VPN Logging
Go to: Device → Log → Settings
Under the Users category, click Authentication Access
Ensure Syslog is enabled for all entries
Important: Confirm that Successful SSL VPN User Login (ID: 1080) has Syslog enabled
Click Save.
Step 5. (Optional) Enable Configuration Auditing
Go to: Device → Log → Settings → Configuration Auditing
For each entry, set the Priority column to Warning for:
Configuration Change Succeeded
Configuration Change Failed
Chassis Settings Change.
Step 6. Provide Details to ThreatDefence
Once configuration is complete, provide the following details to ThreatDefence Support at 📧 [email protected]:
Firewall make/model and OS version
Source IP address and used port number.
Last updated