Syslog - Watchguard Firebox X1000 Reference Manual

provides strong authentication and secure (encrypted) communications.
WatchGuard recommends the use of ssh instead of more vulnerable
protocols like telnet, rssh, and rlogin.
If you use ssh, you should also use its strong authentication mechanisms.
Strong encryption mechanisms are available for U.S. customers, Canadian
customers, and customers who have been approved for use of strong
encryption by WatchGuard and/or the U.S. Government. If you would
like to use strong encryption (128 bit, 3DES) or IPSec, please contact
WatchGuard Technical Support.
UNIX versions are available from ftp.cs.hut.fi (see ftp://ftp.cs.hut.fi/
pub/ssh), and information on versions for Windows can be found at
DataFellows (http://www.datafellows.com).
Characteristics
•
•
•
•
Common Scenario

syslog

syslog is a service used to log operating system events on UNIX hosts.
The most common reason to enable syslog data on a firewall is to collect
data from a host outside the firewall.
Because the syslog port is blocked by default, to allow one log host to
collect logs from multiple Fireboxes:
•
Reference Guide
Protocol: TCP
Server Port(s): 22
Client Port(s): less than 1024
RFC: No number yet, but see:
http://www.cs.hut.fi/ssh/
Description
There are one or more ssh servers on the trusted network.
Icons in the Services Arena
An ssh icon – Allowing Incoming To the desired trusted servers,
and Allowing Outgoing From Any To Any.
Remove port 514 from the Blocked Ports list
Packet Filter Services
57