Sophos Firewall Configuration On-Premises

  • Updated
Table of Contents:

This article covers how to configure Sophos firewall to forward events. 

Configuring Sophos Firewall to forward events

Take the following steps to configure your Sophos Firewall:

Procedure:

  1. Go to System services > Log settings and click Add.
  2. Specify the settings.
    • Name: give a unique name to the device.
    • IP address/Domain: Give Forwarder IP
    • Secure Log Transmission: “Enable” the check box (If you have any certificates, then enable this check box)
    • Port: Select port “11682”
    • Facility: Select “Local 6”
    • Severity Level: Select “Informational”
    • Format: select “Device Standard Format”

Graphical user interface, text, application, table Description automatically generated

3. Click Save

4. Repeat the process for each device that needs to be onboarded to chronicle.

5. Once the configuration is completed, need to validate the logs in chronicle using a regular expression as (".*") this expression, or with a specific hostname, will provide the log source types which are ingesting to chronicle, below is the screenshot for reference. 

Reference:

https://www.manageengine.com/products/firewall/help/configure-sophos-xg-firewalls.html

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SystemServices/LogSettings/SyslogServerAdd/index.html

 

Related articles

Comments

0 comments

Please sign in to leave a comment.