Juniper Networks vGW Virtual Gateway

The Juniper Networks vGW Virtual Gateway DSM for IBM® QRadar® accepts events by using syslog and NetFlow from your vGW management server or firewall.

The Juniper Networks vGW Virtual Gateway product is end of life (EOL), and is no longer supported by Juniper.

About this task

QRadar records all relevant events, such as admin, policy, IDS logs, and firewall events. Before you configure a Juniper Networks vGW Virtual Gateway in QRadar, you must configure vGW to forward syslog events.

Procedure

  1. Log in to your Juniper Networks vGW user interface.
  2. Select Settings.
  3. From Security Settings, select Global.
  4. From External Logging, select one of the following options:
    • Send Syslog from vGW management server - Central logging with syslog event provided from a management server.
    • Send Syslog from Firewalls - Distributed logging with each Firewall Security VM providing syslog events.

    If you select the option Send Syslog from vGW management server, all events that are forwarded to QRadar contain the IP address of the vGW management server.

  5. Type values for the following parameters:
    Table 1. Syslog parameters
    Parameter | Description
    Syslog Server | Type the IP address of your vGW management server if you selected Send Syslog from vGW management server. Or, type the IP address of QRadar if you selected Send Syslog from Firewalls.
    Syslog Server Port | Type the port address for syslog. This port is typically port 514.
  6. From the External Logging pane, click Save.

    Only the changes that are made to the External Logging section are stored when you click Save. Any changes that are made to NetFlow require that you save by using the button within the NetFlow Configuration section.

  7. From the NetFlow Configuration pane, select the enable check box.

    NetFlow does not support central logging from a vGW management server. From the External Logging section, you must select the option Send Syslog from Firewalls.

  8. Type values for the following parameters:
    Table 2. NetFlow parameters
    Parameter | Description
    NetFlow collector address | Type the IP address of QRadar.
    Syslog Server Port | Type a port address for NetFlow events.
    Note: QRadar typically uses port 2055 for NetFlow event data on QFlow Collectors. You must configure a different NetFlow collector port on your Juniper Networks vGW Series Virtual Gateway for NetFlow.
  9. From the NetFlow Configuration pane, click Save.
  10. You can now configure the log source in QRadar.

    QRadar automatically detects syslog events that are forwarded from Juniper Networks vGW. If you want to manually configure QRadar to receive syslog events:

    From the Log Source Type list, select Juniper vGW.

    For more information, see your Juniper Networks vGW documentation.
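
The constraints in steps 4 through 8 interact, so a planned set of values can be checked before it is typed into the vGW user interface. The following Python sketch is an added example, not IBM or Juniper code; the `Plan` fields and function names are hypothetical, and the assumption that each Firewall Security VM appears under its own address in distributed mode is an inference from step 4.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

QFLOW_PORT = 2055  # port the page says QRadar typically uses for NetFlow

@dataclass
class Plan:  # hypothetical record of the values to be typed into the vGW UI
    mode: str                 # "management" or "firewalls" (External Logging)
    mgmt_ip: str              # vGW management server
    qradar_ip: str
    syslog_server: str
    syslog_port: int = 514
    netflow_enabled: bool = False
    netflow_collector: str = ""
    netflow_port: int = 0
    firewall_ips: list = field(default_factory=list)  # Firewall Security VMs

def _same_host(a, b):
    try:
        return ip_address(a) == ip_address(b)
    except ValueError:
        return False  # not a valid IP address, so it cannot match

def check_plan(p):
    """Return a list of problems; empty means the plan follows the procedure."""
    if p.mode not in ("management", "firewalls"):
        return [f"unknown External Logging mode: {p.mode!r}"]
    problems = []
    # Table 1: the Syslog Server value depends on the External Logging option.
    want = p.mgmt_ip if p.mode == "management" else p.qradar_ip
    if not _same_host(p.syslog_server, want):
        problems.append(f"Syslog Server should be {want} in {p.mode} mode")
    if not 1 <= p.syslog_port <= 65535:
        problems.append("Syslog Server Port out of range")
    if p.netflow_enabled:
        if p.mode != "firewalls":  # step 7: no central logging with NetFlow
            problems.append("NetFlow requires Send Syslog from Firewalls")
        if not _same_host(p.netflow_collector, p.qradar_ip):
            problems.append("NetFlow collector address should be the QRadar IP")
        if not 1 <= p.netflow_port <= 65535:
            problems.append("NetFlow port out of range")
        elif p.netflow_port == QFLOW_PORT:  # step 8 note
            problems.append("NetFlow port must differ from 2055")
    return problems

def expected_sources(p):
    """Addresses QRadar should see events from (assumed per-VM in firewalls mode)."""
    return [p.mgmt_ip] if p.mode == "management" else list(p.firewall_ips)
```

Comparing `expected_sources` with the log sources that QRadar auto-detects shows whether every expected sender is actually reporting.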