Sangfor overview

Sangfor provides advanced network security solutions like NGAF (Next-Generation Application Firewall) and IAM (Internet Access Management) for traffic control, threat prevention, and user behavior monitoring. Monitoring Sangfor logs helps detect intrusions, policy violations, and anomalous user activities in real time. It ensures compliance, enhances visibility into network usage, and strengthens overall security posture.

Sangfor extension scope

The Sangfor extension for Log360 Cloud enables integration of Sangfor logs into the Log360 Cloud ecosystem. This extension provides features such as log collection, parsing, reporting, and advanced log search capabilities.

Configuring the Syslog Service on Sangfor devices

To configure the Syslog service on your Sangfor devices, follow the steps below:

For Sangfor NGAF (Next-Generation Application Firewall) version 6.5 and above:

  1. Access the Sangfor NGAF web interface.
  2. Open a web browser and navigate to the NGAF's management IP address. Log in using your administrator credentials.
  3. Navigate to System > Logging Options.
  4. Check all Syslog checkboxes under Log Location for the type of logs to be forwarded.
  5. In the Syslog Server tab, enter the IP address of the Log360 Cloud agent and 513 or 514 as the Port in the respective boxes.
  6. Click OK to apply changes.

For Sangfor NGAF version 6.4 and below:

  1. Access the NGAF Web Interface.
  2. Open a web browser and navigate to the NGAF's management IP address. Log in using your administrator credentials.
  3. Navigate to System > Logging Options > Syslog.
  4. Check the Enable Syslog checkbox.
  5. Enter the IP address of the Log360 Cloud agent server and 513 or 514 as the Port in the respective boxes.
  6. Click OK to apply changes.

For Sangfor IAM (Internet Access Management):

  1. Access the IAM Web Interface.
  2. Open a web browser and navigate to the IAM's management IP address. Log in using your administrator credentials.
  3. Navigate to System > General > Advanced > Syslog Server.
  4. Check the Enable Syslog Server checkbox.
  5. Enter the IP address of the Log360 Cloud agent and port 513 or 514 in the format ipaddress:port (example: 10.10.10.1:514).
  6. Click Commit to apply changes.

Configuring in Log360 Cloud

In Log360 Cloud, the format of the logs collected from Sangfor devices will not be automatically identified.

You must manually assign "Sangfor" as the log type. To do this:

  1. Log into your Log360 Cloud console.
  2. Navigate to Settings → Configuration → Log Source Configuration → Devices → Syslog Devices.
  3. In the Syslog Devices page, select the devices and click the update icon. This will open the Update Device window.
  4. Click the Log Source Type dropdown and select Sangfor Device.

Viewing Sangfor reports

To view Sangfor reports, navigate to Reports → Custom Reports → Sangfor.
