You can configure a WatchGuard Firebox (Fireware OS) to forward logs to the ThreatDefence Syslog Forwarder for security monitoring.
A deployed and activated ThreatDefence Syslog Forwarder VM
Administrator access to the WatchGuard Firebox (Fireware Web UI)
Log in to the Fireware Web UI with an administrator account.
Navigate to: System → Logging
Select the Syslog Server tab.
Check Send log messages to these syslog servers.
Click Add. The Syslog Server dialog opens.
Configure the following:
IP Address — Enter the IP address of your TD Syslog Forwarder
Port — Use the appropriate port (as per the Syslog Onboarding Guide)
Log Format — Select IBM LEEF
Options — Check both boxes:
Include the serial number of the device
Include the syslog header
For each type of log message, set the output to the Syslog facility.
Click OK. The Syslog server is added to the list.
Click Save.
Generate test traffic (e.g., VPN connect, firewall policy hit).
Verify events are visible in the TD Syslog Forwarder logs.
Send the following details to ThreatDefence Support at 📧 [email protected]:
Firewall make/model and firmware version
Source IP address and used port number.
Last updated
