Firewall Configuration Basics for dev.firelytics.com

 

Basic steps for configuring your firewall to work with Firelytics.

Correctly Set the Time on Your Firewall

  1. Accurate log analytics relies completely on accurate timestamps, so the local time and Daylight Saving settings on your firewall must be set properly.
  2. Use a reliable NTP server. We use: time-a.nist.gov

Configure Firewall UTM and Log Settings

  1. Configure the desired UTM filtering and blocking on your firewall, including Web Filter, Anti-Spam, Anti-Virus, IDS/IPS, Application Control and VPN.
  2. Configure your logging and syslog settings to include the firewall rules where filters in Step 1 are applied.

Configure Firewall Syslog Settings

  1. For Fortigate 4.0 or earlier, configure syslog to point to the following IP with these parameters selected.
    • Syslog Name/IP: dev.firelytics.com
      Port: 514
      Level: Information
      Facility: local7
      Do not check Enable CSV format.
  2. For Fortigate 5.0 or later, the settings must be changed via the CLI; see this page from the Fortinet KB. Use the same parameter values as above.
    • http://docs.fortinet.com/fgt/handbook/cli_html/FortiOS 5.0 CLI/config_log.16.14.html
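To confirm the settings above before adding the device, the following added example (not Firelytics or Fortinet code) checks one captured syslog datagram for facility local7, a level of Information or more severe, the expected serial number and a sane timestamp. It assumes the firewall emits space-separated `date=`, `time=` and `devid=` fields; the sample datagram, the placeholder serial number and the 5-minute skew tolerance are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

FACILITY_LOCAL7 = 23              # syslog facility code for local7
SEVERITY_INFORMATION = 6          # "Information"; lower numbers are more severe
MAX_SKEW = timedelta(minutes=5)   # assumed tolerance, not a Firelytics value

# Constructed sample datagram; the serial number is a placeholder.
SERIAL = "FGT00X0000000000"
SAMPLE = (b"<189>date=2013-05-01 time=12:00:03 devname=FW1 "
          b"devid=FGT00X0000000000 type=traffic level=notice")

PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def check_datagram(raw, expected_serial, now):
    """Return the problems found in one syslog datagram (empty list = OK).

    `now` is a naive datetime in the firewall's configured local time zone.
    """
    text = raw.decode("utf-8", errors="replace")
    m = PRI_RE.match(text)
    if not m:
        return ["no <PRI> header: not a syslog message"]
    problems = []
    # PRI = facility * 8 + severity
    facility, severity = divmod(int(m.group(1)), 8)
    if facility != FACILITY_LOCAL7:
        problems.append(f"facility {facility}, expected local7 (23)")
    if severity > SEVERITY_INFORMATION:
        problems.append(f"severity {severity} is less severe than Information")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(text[m.end():])}
    if fields.get("devid") != expected_serial:
        problems.append(f"devid {fields.get('devid')!r}, expected {expected_serial!r}")
    try:
        stamp = datetime.strptime(f"{fields['date']} {fields['time']}",
                                  "%Y-%m-%d %H:%M:%S")
    except (KeyError, ValueError):
        # Assumption: with CSV format off, fields are space-separated key=value.
        return problems + ["no usable date=/time= fields (is CSV format off?)"]
    if abs(now - stamp) > MAX_SKEW:
        problems.append(f"clock skew {abs(now - stamp)} exceeds {MAX_SKEW}")
    return problems

if __name__ == "__main__":
    print(check_datagram(SAMPLE, SERIAL, datetime(2013, 5, 1, 12, 0, 30)))
```

Feed it the UDP payload of a packet sent to port 514, taken from a packet capture or a test collector.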

Configure Firewall Syslog Settings

  1. When the previous steps are complete and the firewall is verified to be sending syslog data, log in to your Firelytics Account. The Firelytics system requires that the firewall send live data before a device may be added to an Account.
  2. If this is your first login, proceed by clicking “Next” in the Welcome Wizard, or click your User Name in the top right corner. This will reveal an Account Management screen as follows:

     [Image: FL-config1]

  3. Click the “Add Device” number and enter your firewall’s serial number and global location. Click Search and verify on the map provided that the location is correct. Then click Apply.

     [Image: FL-config2]

  4. If the device is properly configured and sending data, the new serial number will be available for Dashboard widgets and the Analyze view. Click “New Widget” on the Dashboard, and proceed to use Firelytics for Real-Time Firewall Log Analytics.

Get Started Free!

We welcome Fortinet and Cyberoam users to full Firelytics Firewall Analyzer support!

Not on Fortinet or Cyberoam? We are working hard to support your device, please sign up and we’ll let you know as soon as we’re ready. Your account will be provisioned and ready to go.
