SonicWall Firewall Connector

  • Configuration of SonicWall Connector.
  1. Under the connector, go to Ingestion.
  2. Select Event Connector. Click on Configure.
  3. Enter the collector Id and Password.
  4. Select Validate and Save.
  • SonicWall Connector Requirement.
  1. Machine with Static IP address allocation.

  2. Install the Docker engine from Get Docker and start the service.

    systemctl start docker

  3. Collect the system IP address.

  4. Open the port in the system's firewall for the SonicWall firewall.

    1. For use in Linux and MAC

      # Opening port in linux system firewall
      firewall-cmd --permanent --add-port=514/udp
      firewall-cmd --reload

    2. For use in Windows, open the PowerShell command prompt.

      # Opening port in Windows system firewall
      New-NetFirewallRule -DisplayName "Allow UDP Port 514" -Direction Inbound -Protocol UDP -LocalPort 514 -Action Allow
      New-NetFirewallRule -DisplayName "Allow UDP Port 514" -Direction Outbound -Protocol UDP -LocalPort 514 -Action Allow

  5. Download the Docker image tar file from the following URL.

    https://connectors-xdr.seqrite.com/connectors/collector/download?collectorId=<created collector id>&password=<created collector password>&tid=<tenant-id>

  6. Load the Docker image.

    docker load --input <path to hhcollector-1.0.0.tar file>

  7. Start the agent using the command below.

    docker run -p 514:514/udp --env COLLECTOR_ID=<created collector id> --env TID=<tenant id> hhcollector

  • Sophos Firewall Configuration Requirement
  1. With the event collector up and running, enable forwarding of events to the machine.
  2. In the SonicWall web interface, navigate to Logs & Reporting | Log Settings > Syslog > Syslog Server and add a new syslog server. Set the event collector machine's IP address and UDP port 514 as the target for syslog log forwarding. Save the changes.
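
To confirm the collector host from steps 1 to 7 is ready to receive the forwarded events, the following script (an added example, not part of Seqrite's documentation or tooling) checks that a running hhcollector container publishes 514/udp, that the host has the port bound and allowed in firewalld, and then sends a tagged test message. It assumes a Linux host with iproute2 `ss`, util-linux `logger` and Docker's default userland proxy; the function names, the script name and the `connector-test` tag are illustrative.

```shell
#!/bin/sh
# Added example (not vendor code): post-setup checks on the Linux collector host.
PORT=514   # syslog port used throughout the page

# stdin: `ss -H -uln` output. Succeeds if a UDP socket is bound to port $1.
udp_port_bound() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) ok = 1 } END { exit !ok }'
}

# stdin: `docker ps --format "{{.Ports}}"` output. Succeeds if a container
# publishes host port $1 to container port $1 over UDP.
publishes_udp_port() {
    grep -q ":$1->$1/udp"
}

run_checks() {
    collector_ip=$1   # the static IP collected in step 3
    rc=0
    if docker ps --filter ancestor=hhcollector --format '{{.Ports}}' | publishes_udp_port "$PORT"; then
        echo "ok: hhcollector container publishes ${PORT}/udp"
    else
        echo "FAIL: no running hhcollector container publishes ${PORT}/udp"; rc=1
    fi
    # Assumption: Docker's userland proxy is enabled, so the host shows a bound socket.
    if ss -H -uln | udp_port_bound "$PORT"; then
        echo "ok: host has a UDP socket bound to port ${PORT}"
    else
        echo "FAIL: nothing bound to ${PORT}/udp on the host"; rc=1
    fi
    if command -v firewall-cmd >/dev/null 2>&1; then
        if firewall-cmd --list-ports | grep -qw "${PORT}/udp"; then
            echo "ok: firewalld allows ${PORT}/udp"
        else
            echo "FAIL: firewalld does not list ${PORT}/udp"; rc=1
        fi
    fi
    # UDP gives the sender no delivery confirmation, so the test message has to be
    # looked up by its tag among the events ingested for the tenant.
    logger --udp --server "$collector_ip" --port "$PORT" --tag connector-test "syslog path check" \
        && echo "sent test message tagged connector-test to ${collector_ip}:${PORT}/udp"
    return $rc
}

# Usage: sh check_collector.sh --check <collector-ip>
if [ "${1:-}" = "--check" ]; then run_checks "${2:?collector IP required}"; fi
```

Run it before adding the syslog server on the firewall; a FAIL line points at the step (container start, port publishing or host firewall) that needs to be repeated.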
