Fastvue Integration with WatchGuard Firebox

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, go to the documentation and support resources for that product.

This document describes how to integrate Fastvue with your WatchGuard Firebox to gain visibility into your network traffic, web usage, and user activity.

Contents

Integration Summary

The hardware and software used in this guide include:

  • WatchGuard Firebox
    • Fireware v12.11 or higher
  • Windows server
    • Fastvue Reporter for WatchGuard

Integration Topology

This diagram outlines the topology used for the Fastvue Reporter and WatchGuard Firebox integration.

Topology of Fastvue Integration with WatchGuard Firebox

Before You Begin

Before you begin these procedures, make sure that:

  • You have a Fastvue account

Firebox Configuration

This example uses the Firebox internal trusted IP address of 192.168.150.1 and the Windows server at 192.168.150.3.

Syslog logging output from the WatchGuard Firebox is unencrypted. We recommend that you do not send unencrypted log messages on public networks.

Configure Fastvue Reporter for WatchGuard

Use these instructions to install and configure Fastvue Reporter for WatchGuard on your Windows server:

  1. Log in to your Fastvue account.
  2. On the Fastvue Downloads page, click Download to download Fastvue Reporter for WatchGuard.
  3. Screenshot of Fastvue, download the Fastvue Reporter supports WatchGuard

  4. Run the installation wizard for Fastvue Reporter for WatchGuard.
  5. Open Fastvue Reporter for WatchGuard.
    The Fastvue Reporter WebUI is at http://localhost:80
  6. Screenshot of Windows Server, open Fastvue

  7. In the WatchGuard Host or IP text box, enter the Internal IP address of your Firebox.
  8. Screenshot of Fastvue Reporter, start dialog

  9. Click Let's go!.

Test the Integration

To test the Fastvue integration with WatchGuard Firebox:

  1. Open Fastvue Reporter for WatchGuard at:
    http://<your Windows Server IP address>:80
  2. Select Settings > Sources to check the records in the source page (it can take several seconds for the records to import).
  3. Screenshot of Fastvue Reporter, sources in settings page

  4. Select Dashboard > Overview to check the network overview analytical charts.
  5. Screenshot of Fastvue Reporter, dashboard

  6. Select Reports > Overview Report > All Usage.
  7. Use the Date From and Date To date pickers to select the start and end dates for the report.
  8. Click Run Report to generate the report.
  9. Screenshot of Fastvue Reporter, report

  10. (Optional) To test content inspection, add a custom keyword group or use the default keyword group. For this example, we added the keywords watchguard&fastvue in the keyword group My Keyword Group.
  11. Screenshot of Fastvue Reporter, add keyword group

  12. (Optional) Add a custom alert with the keyword group you just created.
  13. Screenshot of Fastvue Reporter, add alert

  14. (Optional) Use the computer with the Proxy Authority certificate installed to search for the keywords you added and to verify that alerts appear. In this example, we use Microsoft Bing to search for the keywords watchguard&fastvue.
  15. Screenshot of Fastvue Reporter, test alert