Configuring the vGW Series to Send Syslog and Netflow Data to Juniper Networks STRM

Integration of Juniper Networks’ vGW Series with its Security Threat Response Manager (STRM) provides defense-in-depth control in the virtualized server environment.

The vGW Series and Security Threat Response Manager (STRM) integration:

This integration gives you a single-pane, comprehensive, and consistent view of your physical and virtual infrastructure.

The vGW Series and STRM implementations have two points of integration.

The vGW Series exports:

To configure the vGW Security Design VM to send Syslog and NetFlow information to STRM:

  1. Configure external logging in the vGW Security Design VM Settings module:
    1. Select Settings -> Global -> External Logging.
    2. Specify the IP address of STRM in the External Inspection Devices pane.
  2. On the same screen, configure NetFlow. Enter the IP address of STRM in the NetFlow Configuration section.

To configure STRM to receive vGW Series Syslog and NetFlow Data:

  1. Download the STRM device extension for vGW:
    1. Navigate to the Juniper Networks Support page. From the Juniper Networks main page, select the Support tab.
    2. In the left column, select Download Software.
    3. In the Security box, select vGW (Altor).
    4. Select the Software tab.
    5. Right-click the file called XML Specification for STRM and save the file.

      Do not open the XML file in a browser to view it. Opening the file in a browser could corrupt it.

  2. Log into the STRM user interface.
  3. Navigate to Config -> Sensor Device Extensions -> Add a Device Extension.
  4. Add a device extension for vGW Series.
  5. Click Browse and select the file you downloaded (XML Specification for STRM).
  6. Click Upload to upload the device extension. The device extension is shown in the Extension Document list.
  7. Click Save and continue.
  8. In the Administration Console, choose Sensor Devices to add vGW Series as a sensor device.

    This action defines the Syslog records source.

  9. Select Add a sensor device, and add the sensor device as a Universal DSM.
    1. Specify the vGW Security Design VM IP address in the Device Hostname/IP field.
    2. Select the Device Extension for Juniper Networks vGW Series that you specified previously.
    3. Configure the rest of the options. You can specify any name and description.
  10. In the STRM Event Viewer screen, choose the Raw Events Display option.
    1. Locate a log record generated by Juniper Networks vGW with “action=allow”, and double-click to get to the “Event Details” screen.
    2. Select the “Map Event” icon to map.
  11. Repeat the preceding step for the vGW Series records with “action=reject” and “action=drop” with STRM QID 11750269.

    After you complete this step, vGW Series logs should be available in STRM.
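
An offline check to run over exported raw events before the mapping steps, as an added example (not Juniper's code): it tallies the `action=` values so you can confirm that allow, reject and drop records are all arriving from the vGW Security Design VM. The sample lines, the host name and the record layout around `action=` are constructed assumptions.

```python
import re
from collections import Counter

# Action values that the mapping steps above refer to.
EXPECTED_ACTIONS = ("allow", "reject", "drop")

PRI_RE = re.compile(r"^<(\d{1,3})>")
ACTION_RE = re.compile(r"\baction=(\w+)")

# Constructed sample records; the real vGW record layout may differ.
SAMPLE_EVENTS = [
    "<134>Jan 12 10:01:22 vgw-sd-vm vgw: src=10.0.0.5 dst=10.0.0.9 action=allow",
    "<132>Jan 12 10:01:25 vgw-sd-vm vgw: src=10.0.0.7 dst=10.0.0.9 action=reject",
    "<134>Jan 12 10:01:27 vgw-sd-vm vgw: src=10.0.0.5 dst=10.0.0.8 action=allow",
    "Jan 12 10:01:30 vgw-sd-vm vgw: heartbeat",
]


def parse_event(line):
    """Return (facility, severity, action); a field is None when absent."""
    facility = severity = None
    pri = PRI_RE.match(line)
    if pri and int(pri.group(1)) <= 191:
        # RFC 3164: PRI = facility * 8 + severity
        facility, severity = divmod(int(pri.group(1)), 8)
    action = ACTION_RE.search(line)
    return facility, severity, (action.group(1).lower() if action else None)


def summarize(lines):
    """Tally action values and list the expected actions not yet observed."""
    seen = Counter()
    no_action = 0
    for line in lines:
        action = parse_event(line)[2]
        if action is None:
            no_action += 1
        else:
            seen[action] += 1
    return {
        "counts": dict(seen),
        "missing": [a for a in EXPECTED_ACTIONS if a not in seen],
        "unexpected": sorted(set(seen) - set(EXPECTED_ACTIONS)),
        "no_action_field": no_action,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

A non-empty `missing` list means no record with that action has reached the receiver yet, so there is nothing to map for it in the Event Viewer.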
