McAfee Sidewinder VPN

Version: McAfee Firewall Enterprise (Sidewinder) with VPN 7.X and later.

With McAfee Firewall Enterprise ( Sidewinder) and its related products, administrators can immediately begin to put firewall rules in the proper business context and take advantage of centralized firewall management, reporting, and user-friendly rule creation capabilities. Additionally, Firewall offers unprecedented levels of threat protection.

Netsurion Open XDR built-in Data Source Integration enables you to gather business intelligence providing increased security, performance, availability, and reliability of your systems.Through alerts, knowledge base solutions, and reports, Netsurion Open XDR helps you to correct the problems long before a disastrous failure occurs.

Netsurion Open XDR supports McAfee Firewall Enterprise (Sidewinder) with VPN and it can be configured to send syslog to Netsurion Open XDR.

Netsurion Data Source Integrations for McAfee Sidewinder VPN allows you to monitor the following:-

  • Operations – Syslog messages for different services, account operations (addition, deletion and modification of user and group) and shutdown/restarting of system.
  • Security – Suspicious network activities, if there is any changes in privileges on user logon/authentication activities (logon, logoff).
  • Compliance – Changes in policy configuration (addition and deletion).

Once McAfee Sidewinder VPN is configured to deliver events to Netsurion Open XDR Manager; Knowledge object, dashboards and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Reports

Type Name Description
Operations Mcafee Sidewinder VPN: Tunnel Establishment Attempt This report provides information related to Tunnel Establishment Attempt which includes Pid, VPN Name, Hostname, Local Gateway, Remote Gateway, Information and other fields.
Compliance Mcafee Sidewinder VPN – IKE Authentication Status This report provides information related to IKE Authentication Status which includes VPN Name, Message ID, Hostname, Local Gateway, Remote Gateway, Remote ID Information and other fields.
Compliance Mcafee Sidewinder VPN – IPSec Session Status This report provides information related to IPSec Session Status which includes Hostname, Eventname, VPN Name, Local Gateway, Remote Gateway, Local Network, Remote Network, Information and other fields.

Documentation

The configuration details are consistent with Netsurion Open XDR 7.x and later, and McAfee Firewall Enterprise (Sidewinder).

Download Integration Guide for configuration instructions and more information.