Configuring vGW Series to Send Syslog and Netflow Data to Juniper Networks STRM Series Devices

Integration of vGW Series with Security Threat Response Manager (STRM) Series devices provides for defense-in-depth control in the virtualized server environment. This topic covers vGW Series Syslog and Netflow integration configuration with the Juniper Networks STRM Series device.

vGW Series and STRM Series integration brings STRM Series benefits such as centralized log and event management, network-wide threat detection, and compliance reporting to the virtualized data center. This integration gives you a single-pane, comprehensive, and consistent view of your physical and virtual infrastructure.

vGW Series and STRM Series have two points of integration. vGW Series exports the following information to the STRM Series device:

You use the Settings > Global page to configure the vGW Security Design VM to send Syslog logs and events and NetFlow VM traffic information to the STRM Series device. See Figure 153.

Figure 153: vGW Series Configuration for Syslog and NetFlow to a STRM Series Device

vGW Series Configuration for Syslog and
NetFlow to a STRM Series Device

Syslog. For Syslog, you configure information on both vGW Series and the STRM Series device:

Syslog Configuration on vGW Series.

Configure vGW Series for Syslog external logging to the STRM Series device.

  1. In the External Inspection Devices pane, enter STRM for the name of the external device and specify the STRM Series device’s IP address.
  2. In the External Logging pane, select Send Syslog from Firewalls. If you want to send the firewall logs to the vGW Security Design VM also, select the check box.
  3. To identify the STRM Series device as the Syslog server, specify it’s IP address in the External Logging pane.
  4. Select UDP as the transport protocol.

vGW Series Configuration on STRM.

  1. Define vGW Series as the log source in the STRM Series device to identify the Syslogs that you are sending. See Figure 154.

    Figure 154: STRM Source Log Definition for vGW Series

    STRM Source Log Definition for
vGW Series

NetFlow.

The STRM Series device can listen for NetFlow messages on port 2055 from any device because NetFlow has a standard format. If you specify 2055 for the port on the vGW Series configuration, you do not need to configure NetFlow on the STRM Series device.

In the Settings > Global > NetFlow Configuration pane, configure vGW Series NetFlow to send VM traffic statistics to the STRM Series device. See Figure 153.

  1. Select the Enable check box.
  2. Specify the IP address of the NetFlow collector and the destination port to use.

    Note: The standard specification is UDP port 2055, but other values like 9555 or 9995 are sometimes used. If you use another value, you must configure vGW Series NetFlow information on the STRM Series device.

Related Documentation