Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

McAfee Firewall Enterprise

 

McAfee Firewall Enterprise is formerly known as Secure Computing Sidewinder. The JSA DSM for McAfee Firewall Enterprise collects logs from a McAfee Firewall Enterprise device.

The following table describes the specifications for the McAfee Firewall Enterprise DSM:

Table 1: McAfee Firewall Enterprise DSM Specifications

Specification

Value

Manufacturer

McAfee

DSM name

McAfee Firewall Enterprise

RPM file name

DSM-McAfeeFirewallEnterprise-JSA_version-build_number.noarch.rpm

Supported versions

v6.1

Event format

Syslog

Recorded event types

Firewall Enterprise events

Automatically discovered?

Yes

Includes identity?

No

Includes custom properties?

No

More information

McAfee website (https://www.McAfee.com)

To integrate McAfee Firewall Enterprise with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPM on your JSA console:

    • McAfee Firewall Enterprise DSM RPM

  2. Configure your McAfee Firewall Enterprise device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a McAfee Firewall Enterprise log source on the JSA Console. The following table describes the parameters that require specific values for McAfee Firewall Enterprise event collection:

    Table 2: McAfee Firewall Enterprise Log Source Parameters

    Parameter

    Value

    Log Source type

    McAfee Firewall Enterprise

    Protocol Configuration

    Syslog

Configuring McAfee Firewall Enterprise to Communicate with JSA

The JSA DSM for McAfee Firewall Enterprise collects events by using syslog.

Before you configure JSA to integrate with a Firewall Enterprise device, you must configure syslog within your McAfee Firewall Enterprise device. When you configure the McAfee Firewall Enterprise device to forward syslog events to JSA, export the logs in Sidewinder Export Format (SEF).

  1. See your vendor documentation for information about configuring McAfee Firewall Enterprise.

After you configure syslog to forward events to JSA, you are ready to configure the log source in JSA.