Enable UDP on Windows for Firewall Log Analyzer

Allowing inbound UDP traffic

Overview

RocketCyber's Firewall Log Analyzer is architected to eliminate the need to ship hardware or deploy complex software. To facilitate the collection of firewall telemetry, UDP 514 is the recommended protocol/port. Windows Firewall very commonly blocks this traffic, so the Firewall Analyzer app has been designed to automatically add an inbound rule for the configured port and protocol to allow the traffic in. If you are using another host-based firewall, consult its documentation on how to allow this traffic. If you're just curious about manually configuring the rule, read on.

Configuration

To allow inbound UDP 514 on the Windows host acting as the syslog server, follow the steps below:

Windows 10

  1. Go to Control Panel --> System and Security --> Windows Defender Firewall
  2. Select Allow an App through Windows Firewall
  3. Select Advanced Settings --> Inbound Rules
  4. Create a New Rule
  5. Port (click next) --> UDP
  6. Specify port 514 (click next)
  7. Allow Connection (click next)
  8. Rule Applies should have { Domain, Public, Private } all checked (click next)
  9. Name this rule "RocketCyber Syslog"
  10. Click Finish
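
The same rule can be created and verified from an elevated PowerShell prompt instead of the GUI. This is an added example, not RocketCyber's own script; the optional -RemoteAddress restriction is an assumption that is not part of the steps above (it defaults to Any, matching the wizard).

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the manual wizard steps.
param(
    [string]$RuleName      = 'RocketCyber Syslog',  # name from step 9
    [int]   $Port          = 514,                   # port from step 6
    # Assumption (not in the steps): optionally limit the rule to the
    # address of the firewall that sends the logs. 'Any' matches the wizard.
    [string]$RemoteAddress = 'Any'
)

# Create the rule only if one with this display name does not already exist,
# so re-running the script does not stack duplicate rules.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow `
        -Protocol UDP -LocalPort $Port `
        -Profile Domain,Private,Public `
        -RemoteAddress $RemoteAddress | Out-Null
}

# Read the rule back and show the settings that matter for syslog collection.
Get-NetFirewallRule -DisplayName $RuleName | ForEach-Object {
    $portFilter = $_ | Get-NetFirewallPortFilter
    $addrFilter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $_.DisplayName
        Enabled       = $_.Enabled
        Direction     = $_.Direction
        Action        = $_.Action
        Profile       = $_.Profile
        Protocol      = $portFilter.Protocol
        LocalPort     = $portFilter.LocalPort
        RemoteAddress = $addrFilter.RemoteAddress
    }
} | Format-List

# An allow rule does nothing if no process is bound to the port.
# Report which process (if any) is listening on the UDP port.
$listeners = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
if ($listeners) {
    $listeners | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        "UDP {0}:{1} is bound by PID {2} ({3})" -f `
            $_.LocalAddress, $_.LocalPort, $_.OwningProcess, $proc.ProcessName
    }
} else {
    Write-Warning "No process is listening on UDP $Port yet."
}
```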