Firewall Integration Input Consistency 

We currently support several firewall integrations including Cisco, Palo Alto, Check Point and more. However, there are inconsistencies across the ingest options, such as supported protocols and syslog format (UDP/TCP/TCP+TLS) and syslog format (RFC3164 vs RFC5424). We need to ensure each integration is consistent across protocols and syslog format supported. Given how popular the firewall Beats modules are, we should consider **enhancement to the modules as part of this effort too.** 

**Cisco ASA/FTD/IOS**
- [x] UDP
- [x] TCP
- [x] TCP + TLS
- [x] RFC3164
- [ ] RFC5424

**Check Point**
- [x] UDP
- [x] TCP
- [x] TCP + TLS
- [ ] RFC3164
- [x] RFC5424

**Fortinet**
- [x] UDP
- [x] TCP
- [x] TCP + TLS
- [x] RFC3164
- [ ] RFC5424

**Juniper SRX**
- [x] UDP
- [x] TCP
- [x] TCP + TLS
- [ ] RFC3164
- [x] RFC5424

**Palo Alto**
- [x] UDP
- [x] TCP
- [x] TCP + TLS (IETF format [recommended by PANW](https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/use-syslog-for-monitoring/configure-syslog-monitoring))
- [x] RFC3164
- [ ] RFC5424 - https://github.com/elastic/beats/issues/26430

**Sophos XG**
- [x] UDP
- [x] TCP
- [x] TCP + TLS
- [ ] RFC3164
- [ ] RFC5424





Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Firewall Integration Input Consistency #1878

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Firewall Integration Input Consistency #1878

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions