Configuring a syslog traffic rule for FORCEPOINT Stonesoft Management Center
If your Stonesoft Management Center and QRadar® are separated by a firewall in your network, you must modify your firewall or IPS policy to allow traffic between the Stonesoft Management Center and QRadar.
From the Stonesoft Management Center, select one of the following methods for modifying a
- Firewall policies - Select .
- IPS policies - Select .
Select the type of policy to modify.
- Firewall - Select .
- IPS - Select .
Add an IPv4 Access rule by configuring the following parameters for the firewall policy:
Parameter Value Source
Type the IPv4 address of your Stonesoft Management Center Log server.
Type the IPv4 address of your QRadar Console or Event Collector.
Service Select Syslog (UDP). Action Select Allow. Logging Select None.Note: In most cases, you might want to set the logging value to None. Logging syslog connections without configuring a syslog filter can create a loop. For more information, see the StoneGate Management Center Administrator's Guide.
- Save your changes and then refresh the policy on the firewall or IPS.
You are now ready to configure the log source in QRadar.