If your Stonesoft Management Center and QRadar are separated by a firewall
in your network, you must modify your firewall or IPS policy to allow traffic between the Stonesoft
Management Center and QRadar.
Procedure
-
From the Stonesoft Management Center, select one of the following methods for modifying a
traffic rule.
- Firewall policies - Select .
- IPS policies - Select .
-
Select the type of policy to modify.
- Firewall - Select .
- IPS - Select .
-
Add an IPv4 Access rule by configuring the following parameters for the firewall policy:
Parameter |
Value |
Source |
Type the IPv4 address of your Stonesoft Management Center Log server.
|
Destination |
Type the IPv4 address of your QRadar
Console or Event Collector.
|
Service |
Select Syslog (UDP). |
Action |
Select Allow. |
Logging |
Select None. |
Note: In most cases, you might want to set the logging value to None.
Logging syslog connections without configuring a syslog filter can create a loop. For more
information, see the StoneGate Management Center Administrator's Guide.
-
Save your changes and then refresh the policy on the firewall or IPS.
What to do next
You are now ready to configure the log source in QRadar.