Configure Network Device - pfSense Firewall

This article will describe how to configure the pfSense firewall to send firewall logs to the RocketCyber Firewall Analyzer Syslog server.

  1. Logon to the pfSense web configuration dashboard.
    Screen_Shot_2020-07-21_at_3.53.21_PM.png
  2. Click Status.
    Screen_Shot_2020-07-21_at_3.54.31_PM.png
  3. Click System Logs.
    Screen_Shot_2020-07-21_at_3.55.14_PM.png
  4. Click Settings.
    Screen_Shot_2020-07-21_at_4.03.30_PM.png
  5. Scroll down to the Remote Logging Options section
  6. Click on Send log messages to a remote Syslog server
  7. Configure the following remaining options:
    • Source Address: Choose LAN
    • IP Protocol: IPv4
    • Remote Log Servers: Enter the IP address of the RocketAgent Syslog Server
    • Remote Syslog Contents: Check the following boxes
      • Firewall Events
      • VPN Events
      • Gateway Monitor Events
      • Routing Daemon Events
  8. Click Save

NOTE  This configuration assumes that the RocketAgent Syslog server is running on the LAN segment and that the Firewall Analyzer Syslog Server configuration is utilizing the default port and protocol of UDP/514. If you have configured a different port, you must add it to the IP address using a : 

EXAMPLE  192.168.3.1:2293