SGBox Next Generation SIEM & SOAR https://www.sgbox.eu

Syslog configuration on Sophos Firewall https://www.sgbox.eu/en/knowledge-base/syslog-configuration-on-sophos-firewall/ Mon, 12 Jan 2026 16:49:30 +0000

Introduction

To receive logs from a Sophos appliance, syslog must be configured on it.

Example configuration

NOTE: this is only an example configuration; the options may differ depending on the firmware version.

Connect to your Sophos firewall system. Choose System services > Log settings and click Add.

  1. Enter a name
  2. Specify settings
  3. Click on Save
  4. Go to Log settings and select the logs you want to send to the syslog server.

From the SGBox WebUI, download the Sophos Firewall package: SCM > Application > Packages

Network Requirements https://www.sgbox.eu/en/knowledge-base/network-requirements/ Tue, 30 May 2023 15:16:23 +0000

SGBox and Collector network requirements

The following table lists the network configuration you need in order to:

  • Manage SGBox and the Collector using WebUI and CLI.
  • Keep SGBox and the Collector updated.
  • Allow SGBox and the Collector to communicate correctly.
  • Allow data sources to send data to SGBox and Collector.

| From | To | Port | Description |
|---|---|---|---|
| Client (User) | SGBox | 443/tcp | HTTPS WebUI |
| Client (User) | SGBox | 22/tcp | SSH (CLI) |
| Client (User) | Collector | 22/tcp | SSH (CLI) |
| Client (User) | Collector (v5) | 4000/tcp | OpenVAS console HTTPS |
| Client (User) / SGBox | SGBox | 4000/tcp | HTTPS (API) |
| SGBox / Collector | apps.sgbox.it | 80/tcp, 443/tcp | HTTP/S (Updates) |
| SGBox / Collector | *.ubuntu.com | 80/tcp, 443/tcp | HTTP/S (Updates) |
| Collector (v5) | feed.community.greenbone.net | 873/tcp | RSYNC (Updates) |
| SGBox / Qualys probe | qualysguard.qg3.apps.qualys.it | 443/tcp | Cloud (scans, results) |
| SGBox / Collector (v6) | registry.sgcloud.it | 7442/tcp | HTTPS (Updates), mandatory connection |
| SGBox / Collector (v6) | Non-syslog data sources | e.g. 1433/tcp, 1521/tcp, 443/tcp | DB, other (receive data) |
| SGBox / Collector (v6) | Active Directory (LDAP) | 389/tcp, 636/tcp | LDAP/LDAPS |
| Collector | SGBox | 443/tcp | HTTPS (send data) |
| SGAgent | Collector / SGBox | 443/tcp | HTTPS (send data) |
| Data source | Collector / SGBox | 514/udp | Syslog (send data) |
| Data source | Collector / SGBox | 514/tcp | Syslog (send data) |
| Data source | Collector / SGBox | 6514/tcp | Syslog + TLS (send data) |

Container networks

SGBox and Collector (v6) introduce containers for different activities.
The default networks they use are listed below. If your internal networks overlap the default container networks, you can change them by connecting to the Collector's CLI:
Network Configuration > Change Docker network configuration

| VM | Network Name | Network Address |
|---|---|---|
| SGBox, Collector | default | 10.42.78.0/24 |
| Collector | sg-internal | 10.10.0.0/16 |
| Collector | sg-external | 10.20.0.0/24 |
| Collector | swarm | 10.43.0.0/16 |
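
To decide whether the Docker network configuration needs changing, the overlap check can be scripted. The following is an added example, not SGBox code: it compares your routed subnets against the default container networks from the table above (sg-internal is taken as 10.10.0.0/16), and the function name and sample site subnets are constructed for illustration.

```python
import ipaddress

# Default container networks as listed in the table above.
DEFAULT_CONTAINER_NETWORKS = {
    "default": "10.42.78.0/24",
    "sg-internal": "10.10.0.0/16",
    "sg-external": "10.20.0.0/24",
    "swarm": "10.43.0.0/16",
}

# Constructed sample: subnets of a hypothetical site, not taken from the page.
SAMPLE_SITE = ["10.10.5.0/24", "192.168.1.0/24", "10.40.0.0/13", "172.16.0.0/12"]


def find_overlaps(site_networks, container_networks=DEFAULT_CONTAINER_NETWORKS):
    """Return sorted (container_name, container_cidr, site_cidr) tuples, one per overlap.

    site_networks: iterable of CIDR strings routed in your environment.
    Host bits are tolerated ("10.10.5.1/24" is read as 10.10.5.0/24).
    A malformed entry raises ValueError so a typo is never silently skipped.
    """
    parsed_site = []
    for cidr in site_networks:
        try:
            parsed_site.append(ipaddress.ip_network(cidr.strip(), strict=False))
        except ValueError as exc:
            raise ValueError(f"invalid site network {cidr!r}: {exc}") from exc

    overlaps = []
    for name, cidr in container_networks.items():
        cnet = ipaddress.ip_network(cidr)
        for snet in parsed_site:
            # Only compare like with like (IPv4 vs IPv4).
            if snet.version == cnet.version and cnet.overlaps(snet):
                overlaps.append((name, str(cnet), str(snet)))
    return sorted(overlaps)


if __name__ == "__main__":
    hits = find_overlaps(SAMPLE_SITE)
    for name, cnet, snet in hits:
        print(f"OVERLAP: container network {name} ({cnet}) vs site network {snet}")
    if not hits:
        print("No overlap with the default container networks.")
```

Any reported overlap names the container network to move with Network Configuration > Change Docker network configuration; a wide site supernet such as the sample 10.40.0.0/13 can collide with more than one default network at once.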
