SonicWall Firewall

Cyfin is designed to work with SonicWall. It integrates easily into your current system configuration.

Company Overview

In 1991 SonicWall was founded under the company name Sonic Systems. In late 1999 the company changed its name from Sonic Systems to SonicWall, Inc. to represent the shift to a network security company. It acquired a number of companies through the years and was itself acquired by Dell in 2012. It became an independent company once again in 2016. SonicWall provides comprehensive Next-Generation Firewall and Unified Threat Management solutions as well as Secure Remote Access, E-mail Security, Backup and Recovery, and Management and Reporting.

Cyfin Advanced Reporting for SonicWall

Cyfin - SonicWall Configuration

Cyfin is installed on a server, not on the SonicWall appliance.

Log File Setup

Log File Type:  SonicWall Security Appliance

SonicWall Configuration Steps

The following information applies to versions earlier than SonicOS 6.2.6 Content Filtering Service (CFS) release 4.0.

In order to get SonicWall Web traffic URLs into the Cyfin syslog, you must first have the SonicWall Content Filtering Service enabled. You must also enforce the Content Filtering Service within the zone (LAN) in which your traffic will be forwarded. In order to get the service enabled and enforced, follow the steps below:

1. Log on to your SonicWall interface.
2. Go to Security Services – Content Filter – Configure.
3. Select the Log Access to URL box.
4. Go to Network – Zones. Find the LAN zone and click Configure.
5. Select the Enforce Content Filtering Service box.
6. Apply all changes above.

To verify that the changes were made successfully, you can make a copy of the raw syslogs that are generated after the change. These files are in the write location of your Cyfin installation (default location is …Wavecrest\Cyfin\wc\cf\log). You should see files being written called syslogXXXXXXXX.txt, if you have already configured the Cyfin setup correctly.

Make a copy of the most recent file after the change, and use a text editor (Notepad++ works well) to open the file. Search for the fields dstname= and arg= to confirm that they exist. You can use Ctrl+F to find these strings. You may need to wait for a short time after making the changes for them to take effect.

Note:  If the log files are showing as invalid in Cyfin, see Unable to see Web site hits information in SonicWall for a possible resolution.

Cyfin Configuration Steps

Cyfin Syslog Server listens for syslog messages from your SonicWall device. Both UDP-based and TCP-based messages are supported.

1. Select the SonicWall Syslog log file configuration in Cyfin for your SonicWall device.
2. Specify the Directory in which the log files will be created. The default directory is [InstallPath]\wc\cf\log.
3. Select Enable Syslog Server.
4. For Port Type, select UDP or TCP for the Internet protocol you want to use.
5. In the Listening Port field, the default port number is 1455. The listening port will be used by your SonicWall device to transfer the data. You may change this number if necessary.
6. At your SonicWall device, specify the IP address of the Cyfin server and the listening port, and submit the syslog messages.
7. Your log files will be created and displayed in the Log File Viewer in Cyfin.
8. If you have many of the same SonicWall devices, use one log file configuration with one listening port, and point each SonicWall device to the same listening port.