Configuring a syslog traffic rule for FORCEPOINT Stonesoft Management Center

If your Stonesoft Management Center and QRadar are separated by a firewall in your network, you must modify your firewall or IPS policy to allow traffic between the Stonesoft Management Center and QRadar.

Procedure

  1. From the Stonesoft Management Center, select one of the following methods for modifying a traffic rule.
    • Firewall policies - Select Configuration > Configuration > Firewall.
    • IPS policies - Select Configuration > Configuration > IPS.
  2. Select the type of policy to modify.
    • Firewall - Select Firewall Policies > Edit Firewall Policy.
    • IPS - Select IPS Policies > Edit Firewall Policy.
  3. Add an IPv4 Access rule by configuring the following parameters for the firewall policy:
    Parameter     Value
    Source        Type the IPv4 address of your Stonesoft Management Center Log server.
    Destination   Type the IPv4 address of your QRadar Console or Event Collector.
    Service       Select Syslog (UDP).
    Action        Select Allow.
    Logging       Select None.
    Note: In most cases, you might want to set the logging value to None. Logging syslog connections without configuring a syslog filter can create a loop. For more information, see the StoneGate Management Center Administrator's Guide.
  4. Save your changes and then refresh the policy on the firewall or IPS.
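
The note in step 3 warns that logging the syslog connections can create a loop. The following Python model is an added example, not part of the original procedure or of any Forcepoint or IBM tooling, and shows why under simplified assumptions: every log entry is forwarded as one datagram, and a logging-enabled rule writes one new entry per datagram. The addresses, the "Enabled" logging label and the function name are constructed for illustration.

```python
from collections import deque

# Constructed addresses (documentation ranges), not taken from the page.
LOG_SERVER = "192.0.2.10"   # Stonesoft Management Center Log server
QRADAR = "198.51.100.20"    # QRadar Console or Event Collector
SYSLOG_PORT = 514           # standard syslog UDP port


def simulate_forwarding(initial_events, rule_logging, syslog_filter=False,
                        max_datagrams=1000):
    """Count syslog datagrams the Log server sends to QRadar.

    Model assumptions (hypothetical, simplified):
      * the Log server forwards every log entry as one UDP datagram;
      * each datagram matches the Allow rule from the procedure;
      * if rule_logging is not "None", the firewall writes one new log
        entry per matched datagram and sends it to the Log server;
      * syslog_filter=True means entries describing the syslog rule's own
        traffic are not forwarded to QRadar.
    Returns (datagrams_sent, hit_cap); hit_cap=True means the queue was
    still non-empty when the cap was reached, i.e. a feedback loop.
    """
    queue = deque({"about_syslog_rule": False} for _ in range(initial_events))
    sent = 0
    while queue:
        entry = queue.popleft()
        if syslog_filter and entry["about_syslog_rule"]:
            continue  # filtered: never forwarded, so it cannot feed back
        if sent >= max_datagrams:
            return sent, True
        sent += 1  # Log server -> QRadar, UDP/514, crosses the firewall
        if rule_logging != "None":
            # The firewall logs the connection it has just allowed.
            queue.append({"src": LOG_SERVER, "dst": QRADAR,
                          "dport": SYSLOG_PORT, "about_syslog_rule": True})
    return sent, False


if __name__ == "__main__":
    cases = (("None", False), ("Enabled", False), ("Enabled", True))
    for logging_value, use_filter in cases:
        sent, looped = simulate_forwarding(3, logging_value, use_filter)
        print(f"Logging={logging_value:<8} filter={use_filter!s:<5} "
              f"datagrams={sent} loop={looped}")
```

With Logging set to None, three original events produce three datagrams and the queue drains. With logging enabled and no filter, every forwarded datagram generates another entry and the count runs to the cap.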

What to do next

You are now ready to configure the log source in QRadar.