Up
Previous Next

Sheriff CSM™

Dell SonicWALL

When you configure Dell SonicWALL to send log data to Sheriff CSM, you can use the Dell SonicWALL plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information
DeviceDetails
Vendor Dell
Device Type Firewall
Connection Type Syslog
Data Source Name sonicwall
Data Source ID 7072

Integrating Dell SonicWALL

Before you configure the Dell SonicWALL integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure Dell SonicWALL to send log data to Sheriff CSM
  1. After logging into the SonicWALL console as the administrator, go to Firewall > Address Objects.
  2. Select Add New Address Object.

  3. In the Add Address Object dialog, complete the following and click OK:

    1. Name — Sheriff CSM
    2. Zone Assignment — LAN
    3. Type — Host
    4. IP Address — IP address of the Sheriff CSM Sensor
  4. Go to LOG > Settings.

  5. Under SYSLOG Servers, select ADD.

    1. Name or IP address should match the Sheriff CSM Sensor.
    2. Port should be 514.
    3. For Bind to VPN Tunnel and Create Network Monitor Policy in NDPP Mode, select the appropriate local and outbound interfaces.
  6. Click OK and Done.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Note: SonicWall devices can have different time zone settings. Users need to have the same settings specified in the plugin if their device is not using local time. For more information, see Change Timezone for a Plugin.

Troubleshooting

For troubleshooting, refer to the vendor documentation:

https://www.sonicwall.com/en-us/support
Topic revision: r8 - 28 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.