# WatchGuard

You can configure a **WatchGuard Firebox (Fireware OS)** to forward logs to the **ThreatDefence Syslog Forwarder** for security monitoring.

***

## Requirements

* A deployed and activated **ThreatDefence Syslog Forwarder VM**
* Administrator access to the WatchGuard Firebox (Fireware Web UI)

***

## Steps

### Step 1. Access Logging Settings

1. Log in to the **Fireware Web UI** with an administrator account.
2. Navigate to: **System → Logging**
3. Select the **Syslog Server** tab.
4. Check **Send log messages to these syslog servers**.

***

### Step 2. Add Syslog Server

1. Click **Add**. The *Syslog Server* dialog opens.
2. Configure the following:
   * **IP Address** — Enter the IP address of your **TD Syslog Forwarder**
   * **Port** — Use the appropriate port (as per the [Syslog Onboarding Guide](/appliances/syslog-forwarder/onboarding-syslog-data.md))
   * **Log Format** — Select **IBM LEEF**
   * Options — Check both boxes:
     * *Include the serial number of the device*
     * *Include the syslog header*
3. For each type of log message, set the output to the **Syslog facility**.
4. Click **OK**. The Syslog server is added to the list.
5. Click **Save**.

***

### Step 3. Verify Logging

1. Generate test traffic (e.g., VPN connect, firewall policy hit).
2. Verify events are visible in the **TD Syslog Forwarder logs**.

***

### Step 4. Provide Details to ThreatDefence

Send the following details to **ThreatDefence Support** at 📧 **<support@threatdefence.com>**:

* Firewall make/model and firmware version
* Source IP address and used port number.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.threatdefence.com/siem-integrations/firewalls/watchguard.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.