# WatchGuard Firewall

WatchGuard Firewall (Firebox) is a network firewall and unified threat management appliance that inspects perimeter traffic and blocks intrusions, malware, and policy violations. Connecting WatchGuard Firewall forwards firewall traffic, intrusion alerts, and diagnostic logs to Radiant Security via syslog through the Radiant Agent. Radiant uses these logs for AI triage, giving analysts perimeter context for verdicts on suspicious network activity.

### Prerequisites

* [ ] Device Administrator credentials for the Firebox
* [ ] Fireware Web UI or Policy Manager access to the Firebox
* [ ] A deployed [Radiant Agent](/radiant-connectors/data-connectors/install-the-radiant-security-agent.md) reachable from the Firebox
* [ ] Administrator role in Radiant Security

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors**, then click **+ Add Connector**.
3. Search for and select **Radiant Agent**, then click **Data Feeds**.
4. Under **Select your data feeds**, select **WatchGuard Firebox Firewall**, then click **Credentials**.
5. Under **Credential Name**, enter an identifiable name for the Radiant Agent integration (e.g., `Radiant Agent integration`). To reuse an existing Radiant Agent credential, select it from the drop-down menu.
6. Click **Add Connector**.

### Configure WatchGuard Firebox to forward syslog

Before starting, confirm the IP address of the Radiant Agent and the port configured to receive WatchGuard Firewall data. If you do not know the port, contact your Customer Success representative.

For vendor instructions, refer to WatchGuard's [Send Log Messages to a Syslog Server](https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/logging/send_logs_to_syslog_c.html) guide. Multiple syslog servers are supported in Fireware v12.4 and higher for locally-managed Fireboxes.

1. In Fireware Web UI or Policy Manager, select **System** > **Logging**.
2. Click the **Syslog Server** tab.
3. Select the **Send log messages to these syslog servers** checkbox.
4. Click **Add**.
5. In the **IP Address** field, enter the IP address of the Radiant Agent.
6. In the **Port** field, enter the port configured on the Radiant Agent to receive WatchGuard Firewall data.
7. From the **Log Format** drop-down list, select **Syslog**.
8. In the **Description** field, enter a description for the server (e.g., `Radiant Security Connector`).
9. Select the **Time Stamp** and **Serial Number** checkboxes.
10. In the **Syslog Settings** section, leave the default facility values and set **Performance** to **None**:
    * Alarm: Local0
    * Traffic: Local1
    * Event: Local2
    * Diagnostic: Local3
    * Performance: None
11. Click **Save**.
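
To check that the facility settings from step 10 took effect, the following added example (not part of Radiant's or WatchGuard's documentation) decodes the syslog priority header of received lines and maps each facility back to its Firebox log type. It assumes every message starts with a standard `<PRI>` header; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Facility assignments from step 10 (syslog facility codes local0..local3 = 16..19).
FACILITY_TO_LOG_TYPE = {16: "Alarm", 17: "Traffic", 18: "Event", 19: "Diagnostic"}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def classify(line):
    """Return (log_type, severity) for one syslog line, or (None, None) if it has no valid PRI."""
    m = PRI_RE.match(line)
    if not m:
        return None, None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None, None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return FACILITY_TO_LOG_TYPE.get(facility, f"unexpected facility {facility}"), severity


def summarize(lines):
    """Count received messages per Firebox log type."""
    counts = Counter()
    for line in lines:
        log_type, _ = classify(line)
        counts[log_type or "malformed"] += 1
    return counts


# Constructed sample lines: only the <PRI> header is meaningful here,
# the message bodies are placeholders and not real Fireware output.
SAMPLE = [
    "<140>placeholder traffic message",     # 17*8 + 4 -> local1
    "<129>placeholder alarm message",       # 16*8 + 1 -> local0
    "<150>placeholder event message",       # 18*8 + 6 -> local2
    "<159>placeholder diagnostic message",  # 19*8 + 7 -> local3
    "<166>placeholder message",             # 20*8 + 6 -> local4, not assigned in step 10
    "no priority header",
]

if __name__ == "__main__":
    for log_type, n in summarize(SAMPLE).items():
        print(f"{log_type}: {n}")
```

A non-zero count under an unexpected facility means the Firebox facility settings differ from the values listed in step 10.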


