TD Website

WatchGuard

You can configure a WatchGuard Firebox (Fireware OS) to forward logs to the ThreatDefence Syslog Forwarder for security monitoring.

Requirements

  • A deployed and activated ThreatDefence Syslog Forwarder VM

  • Administrator access to the WatchGuard Firebox (Fireware Web UI)

Steps

Step 1. Access Logging Settings

  1. Log in to the Fireware Web UI with an administrator account.

  2. Navigate to: System → Logging

  3. Select the Syslog Server tab.

  4. Check Send log messages to these syslog servers.

Step 2. Add Syslog Server

  1. Click Add. The Syslog Server dialog opens.

  2. Configure the following:

    • IP Address — Enter the IP address of your TD Syslog Forwarder

    • Port — Use the appropriate port (as per the Syslog Onboarding Guide)

    • Log Format — Select IBM LEEF

    • Options — Check both boxes:

      • Include the serial number of the device

      • Include the syslog header

  3. For each type of log message, set the output to the Syslog facility.

  4. Click OK. The Syslog server is added to the list.

  5. Click Save.

Step 3. Verify Logging

  1. Generate test traffic (e.g., VPN connect, firewall policy hit).

  2. Verify events are visible in the TD Syslog Forwarder logs.

Step 4. Provide Details to ThreatDefence

Send the following details to ThreatDefence Support at 📧 [email protected]:

  • Firewall make/model and firmware version

  • Source IP address and used port number.

PreviousBarracudaNextCisco Meraki

Last updated