How to - Configure your NetWall to send logs to Cloud Services

Last modified on 26 Mar, 2024. Revision 8
  • Troubleshooting
  • Related articles
    • Up to date for
    Clavister Cloud Services 3.1.2
    Status OK


    This guide is on how to configure your On-Prem NetWall firewall to work with the Cloud Services Log Ingestion add-on.

    The guide uses our example company ShieldIT as <company_name> through the different steps



    Setup your NetWall firewall

    The NetWall firewall configurations provided within the following instructions enables your firewall to forward log traffic generated by corresponding NetWall firewall towards the Cloud Services via an IPsec tunnel. The IPsec tunnel and all it’s related routing configurations utilizes the Virtual routing capabilities in NetWall to isolate routing configurations from current Firewall setup to avoid any potential routing conflicts.

    The easiest way is to use the the script downloaded from the Cloud Services created when enabling the Log Ingestion Add-on, but if that script is lost you can use this template script and modify it according to the instructions below: sase_incenter_logging_configs.sgs

    Modifying the template script

    Edit above downloaded script file with your favorite text editor


    Change following values to the values provided to you by Clavister - values that require change are put as <change me> :

    • IP4Address sase_ic_logging_ip Address=<change me>
    • PSKHex=<change me>

    Example:

    • IP4Address sase_ic_logging_ip Address=10.223.11.12
    • PSKHex=3ccb660224092b7042ebc49bb4d3a91480e9f950a05420bf154f1b124345f0044739a9d018f93234f7e1b527a556347deb64ae6f1f2470a9cdab15c84577044a


    Change following value to a NetWall IPv4 address object that corresponds to a local user network address behind the firewall (e.g. LAN Network)

    • LocalNetwork=<change me>

    Example:

    • LocalNetwork=InterfaceAddresses/LAN1_net


    Avoid using an address from CIDR range 172.20.1.0/26 for this object



    Importing and applying the script

    Navigate to Status → Maintenance → Import Script

    Click on Browse… then select and upload the Script file edited and saved in previous step.

    You should get following message:

    Success! Execution completed successfully. You can now review and activate your new configuration.

    Troubleshooting


    Check tunnel status by navigating to : Status → IPsec



    Done.

    Related articles

    Brian Smart Search (Beta)
    15 Jan, 2024 dictionary troubleshoot core stream incontrol incenter oneconnect cloudservice
    Configure Clavister OneConnect using deep links
    13 Jun, 2022 oneconnect macos ios windows android
    Clavister (Classic) SSL VPN vs OneConnect (OpenConnect based) SSL VPN
    3 Jun, 2022 oneconnect openconnect sslvpn
    How to - Configure your On-Prem firewall to work with the Passwordless VPN SASE service
    26 Mar, 2024 oneconnect sase cloud
    OneTouch profiles statuses and re-enrollments
    5 Feb, 2024 oneconnect sase
    Configure Clavister OneConnect for macOS, iOS and iPadOS towards NetWall
    28 Apr, 2023 openconnect oneconnect macos ios iphone
    Configuring public certificates in NetWall firewalls
    18 Mar, 2024 core certificate oneconnect ipsec vpn
    Is possible to install OneConnect on Windows 7?
    28 Feb, 2024 oneconnect windows
    Configure the Android OpenConnect client towards Clavister NetWall
    23 Aug, 2022 sslvpn openconnect oneconnect android core
    Configure Clavister OneConnect for Windows towards Clavister NetWall
    29 Oct, 2021 sslvpn openconnect oneconnect windows
    Lets Encrypt - error 9814 - chain had an expired certs
    13 Oct, 2021 oneconnect macos openconnect ios
    DNS suffix not working as expected when using split-tunneling on OneConnect (Windows)
    9 Feb, 2024 core oneconnect windows splittunneling dns
    Certificate update in InControl global domain on certificate that is used on firewall(s)
    18 Mar, 2024 core incontrol certificate oneconnect ipsec vpn
    Where to find logs to the OneConnect client for MacOS
    27 Oct, 2022 oneconnect log
    Configure Linux OpenConnect towards Clavister NetWall
    5 Mar, 2021 sslvpn openconnect oneconnect linux core
    Configuring SSL-VPN / OneConnect server on secondary Firewall IP address
    8 Apr, 2021 core sslvpn oneconnect interfaces arp
    OneConnect VPN certificate not trusted
    18 Mar, 2024 onetouch sslvpn oneconnect troubleshoot certificate
    Install OneConnect without Microsoft store
    25 Feb, 2022 oneconnect windows howto
    Use Roles in Cloud Authentication to limit user access to OneConnect
    10 Oct, 2024 sase oneconnect core userauth
    Howto - Userbased rules
    27 Feb, 2024 oneconnect userbased core
    How do i set up a OneConnect VPN tunnel in cOS core
    23 Aug, 2022 core oneconnect
    Changing the certificate used by the OneConnect client/server
    28 Nov, 2022 core configuration oneconnect
    How to - Activate Passwordless RADIUS Authentication Add-on in Clavister Cloud Services
    9 Oct, 2024 oneconnect sase cloud radius
    Using Clavister OneConnect Classic SSL VPN client towards the OneConnect server
    29 Jun, 2021 core oneconnect
    Clavister OneConnect server using cOS Core as CA Server
    11 May, 2023 oneconnect certificate howto
    Background apps premission
    27 Aug, 2024 oneconnect windows
    Configure Clavister OneConnect for Android and ChromeOS towards NetWall
    8 Jun, 2022 openconnect oneconnect android
    Configure the OpenConnect-GUI client towards Clavister NetWall
    23 Aug, 2022 sslvpn openconnect oneconnect macos windows linux core




    Tagscloudsase