SonicWall Firewall Connector


Configuration of SonicWall Firewall Connector

Under the connector, go to Ingestion.

Select SonicWall Firewall Connector and click Configure.

Set Enable SonicWall Firewall Events? to Yes.

Click Validate and Save.

You will receive a Token. Copy and save this token — it will be required during ES agent setup.

SonicWall Firewall Connector System Requirements

  • Linux or macOS machine with a static IP address
  • RAM: 4 GB or more
  • CPU: 2 vCPUs or more
  • Disk: 100 GB or more
  • curl installed

SonicWall ES Agent Installation

The Fleet URL changes based on the tenant’s stack. The development team will provide this information.

  • If tenant is on stack 1: https://elk-next-fleet-1.seqrite.com:443
  • If tenant is on stack 2: https://elk-next-fleet-2.seqrite.com:443
  • If tenant is on stack 3: https://elk-next-fleet-3.seqrite.com:443
  • If tenant is on stack 4: https://elk-next-fleet-4.seqrite.com:443

On the prepared Linux or macOS machine, install the ES agent.

Replace <token> with the token saved earlier.

Installation Commands

# Open a root shell and create a working directory for the agent files
sudo bash
mkdir SonicWall_es_agent
cd SonicWall_es_agent
# Download and unpack the Elastic Agent 8.17.9 Linux x86_64 package
curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.17.9-linux-x86_64.tar.gz
tar xzvf elastic-agent-8.17.9-linux-x86_64.tar.gz
cd elastic-agent-8.17.9-linux-x86_64
# --url must be the Fleet URL for the tenant's stack (stack 1 shown here; see the list above)
# --insecure skips verification of the Fleet server's TLS certificate
# --enrollment-token is the token saved from the connector configuration
sudo ./elastic-agent install --url=https://elk-next-fleet-1.seqrite.com:443 --insecure --enrollment-token=<token>

SonicWall Firewall Configuration

The SonicWall ES agent is now running.

In the SonicWall Web interface, navigate to:

Logs & Reporting > Log Settings > Syslog > Syslog Server

Add a new Syslog Server entry and configure:

  • Event collector machine IP
  • UDP Port: 1515

Save the changes and click Apply.

After completing these steps, alerts will begin to appear in the XDR portal, confirming successful configuration.
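A pre-flight and post-install check script for the collector host, added here as an example and not part of Seqrite's documentation or tooling. It takes the stack-to-Fleet-URL mapping, the system minimums and the UDP 1515 syslog port from the steps above; the live checks assume a Linux host with /proc, nproc, df and ss available, and the STACK variable and --check flag are the script's own convention.

```shell
#!/usr/bin/env bash
# Added example, not Seqrite's tooling: verifies the ES agent host before and after install.
# Thresholds, Fleet URLs and the syslog port (UDP 1515) come from the connector steps.
# Live checks assume Linux (/proc/meminfo, nproc, df, ss present).

# Map the tenant's stack number (1-4, supplied by the development team) to its Fleet URL.
fleet_url_for_stack() {
  case "$1" in
    1|2|3|4) printf 'https://elk-next-fleet-%s.seqrite.com:443\n' "$1" ;;
    *) echo "unknown stack: $1" >&2; return 1 ;;
  esac
}

# Succeed when the host meets the documented minimums.
# Args: RAM in MiB, vCPU count, free disk in GiB, path to curl ("" if not installed).
meets_requirements() {
  [ "$1" -ge 4096 ] && [ "$2" -ge 2 ] && [ "$3" -ge 100 ] && [ -n "$4" ]
}

# Succeed when `ss -lun` output on stdin shows a UDP listener on port $1
# (local address column ends in ":<port>", e.g. 0.0.0.0:1515 or [::]:1515).
udp_port_listening() {
  awk -v p="$1" '$4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# Gather live values and report; returns non-zero if any check fails.
run_checks() {
  local stack=${STACK:-1} rc=0 url ram_mib cpus disk_gib
  url=$(fleet_url_for_stack "$stack") || rc=1
  echo "Fleet URL for stack ${stack}: ${url:-unknown}"
  ram_mib=$(awk '/^MemTotal:/ { print int($2 / 1024) }' /proc/meminfo)
  cpus=$(nproc)
  disk_gib=$(df -BG --output=avail / | tail -n 1 | tr -dc '0-9')
  if meets_requirements "$ram_mib" "$cpus" "$disk_gib" "$(command -v curl)"; then
    echo "requirements: ok (${ram_mib} MiB RAM, ${cpus} vCPU, ${disk_gib} GiB free, curl found)"
  else
    echo "requirements: NOT met (${ram_mib} MiB RAM, ${cpus} vCPU, ${disk_gib} GiB free, curl=$(command -v curl))"; rc=1
  fi
  if ss -lun | udp_port_listening 1515; then
    echo "syslog listener: UDP 1515 open, the firewall can send to this host"
  else
    echo "syslog listener: nothing on UDP 1515 (agent not running or policy not yet applied)"; rc=1
  fi
  return "$rc"
}

# Usage: STACK=<1-4> ./preflight.sh --check
if [ "${1:-}" = "--check" ]; then run_checks; fi
```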

SonicWall ES Agent Un-installation

After deleting the SonicWall Firewall connector from the XDR portal, uninstall the ES agent completely.

Uninstallation Commands

# Open a root shell; run from the SonicWall_es_agent directory created during installation
sudo bash
# Unenroll and remove the agent service and its files under /opt/Elastic/Agent
elastic-agent uninstall
# Remove the extracted package and downloaded archive
rm -rf elastic-agent-8.17.9-linux-x86_64 elastic-agent-8.17.9-linux-x86_64.tar.gz
# Remove any remaining agent directories
sudo rm -rf /opt/Elastic/Agent
sudo rm -rf /etc/elastic-agent
sudo rm -rf /var/lib/elastic-agent
sudo rm -rf /var/log/elastic-agent

# Verify removal: no agent process should remain (the grep command itself will still be listed)
ps aux | grep elastic-agent
# The service should no longer exist
sudo systemctl status elastic-agent
