SonicWall Firewall Connector

1. SonicWall Connector Configuration

  1. Go to the XDR platform.
  2. Navigate to Connectors > Ingestion.
  3. Select Event Connector and click Configure.
  4. Enter the Collector ID and Password.
  5. Click Validate and Save.

2. System Requirements

✅ Prerequisites:

After installation, start Docker with:

systemctl start docker
  • Collect your machine’s IP address (this will be used by SonicWall as the syslog server).

3. Firewall Configuration

For Linux/macOS (firewall-cmd is the firewalld client, so firewalld must be installed and running):

firewall-cmd --permanent --add-port=514/udp
firewall-cmd --reload

For Windows (Run in PowerShell as Administrator):

New-NetFirewallRule -DisplayName "Allow UDP Port 514" -Direction Inbound -Protocol UDP -LocalPort 514 -Action Allow
New-NetFirewallRule -DisplayName "Allow UDP Port 514" -Direction Outbound -Protocol UDP -LocalPort 514 -Action Allow

4. Download and Load the Docker Image

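Download the Docker image using the following URL (replace the placeholders). The collector password is part of the query string, so it is recorded in the browser or shell history of whatever tool fetches the URL: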

https://connectors-xdr.seqrite.com/connectors/collector/download?collectorId=<COLLECTOR_ID>&password=<COLLECTOR_PASSWORD>&tid=<TENANT_ID>

Load the Docker image:

docker load --input <path_to>/hhcollector-1.0.0.tar

5. Start the Collector Agent

Run the Docker container using:

docker run -p 514:514/udp \
  --env COLLECTOR_ID=<COLLECTOR_ID> \
  --env TID=<TENANT_ID> \
  hhcollector

6. SonicWall Firewall Configuration

  1. Log in to the SonicWall Web Interface.
  2. Go to Logs & Reporting > Log Settings > Syslog > Syslog Server.
  3. Add a new syslog server:

    • IP Address: Enter the static IP of the event collector machine.
    • Port: 514 (UDP)
  4. Save the changes to start forwarding logs to the configured system.
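
To check the collector host after steps 3 to 6, the script below confirms that a running hhcollector container publishes 514/udp, that firewalld (if present) allows the port, and then sends one test syslog datagram. It is an added example, not vendor code: the function names are hypothetical, the image name is taken from step 5, and sending relies on bash's /dev/udp support.

```bash
#!/usr/bin/env bash
# Added example: post-setup checks for the collector host (not vendor code).
# All function names are hypothetical; "hhcollector" is the image name from step 5.

# Reads `docker ps --format '{{.Image}} {{.Ports}}'` output on stdin and
# succeeds only if an hhcollector container publishes host port 514/udp.
publishes_syslog_port() {
  grep -Eq '^hhcollector(:[^ ]+)? .*:514->514/udp'
}

# Prints an RFC 3164 style line; PRI is facility * 8 + severity.
# Usage: syslog_line FACILITY SEVERITY HOSTNAME MESSAGE
syslog_line() {
  printf '<%d>%s %s connector-test: %s' \
    "$(( $1 * 8 + $2 ))" "$(date '+%b %e %H:%M:%S')" "$3" "$4"
}

# Sends one local0.info test datagram to COLLECTOR_IP:514 (bash /dev/udp).
# UDP is unacknowledged: success here does not prove the collector parsed it.
send_test_event() {
  syslog_line 16 6 "$(hostname)" "syslog path check" > "/dev/udp/$1/514"
}

# Usage: check_collector COLLECTOR_IP
check_collector() {
  if ! docker ps --format '{{.Image}} {{.Ports}}' | publishes_syslog_port; then
    echo "no running hhcollector container publishes 514/udp" >&2
    return 1
  fi
  # firewalld hosts only: confirm the rule from step 3 is active.
  if command -v firewall-cmd >/dev/null 2>&1 &&
     ! firewall-cmd --query-port=514/udp >/dev/null 2>&1; then
    echo "firewalld does not allow 514/udp" >&2
    return 1
  fi
  send_test_event "$1" && echo "test event sent to $1:514/udp"
}

# Run the checks only when a collector IP is given as the first argument.
if [ -n "${1:-}" ]; then
  check_collector "$1"
fi
```

Run it with the collector machine's IP address as the only argument; because UDP gives no acknowledgement, a successful send still has to be confirmed on the receiving side.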