Enable UDP on Windows for Firewall Log Analyzer

Fix one of the most common problems with the Firewall Log Analyzer setup

Overview

RocketCyber's Firewall Log Analyzer is architected to eliminate the need to ship hardware or deploy complex software. To facilitate the collection of firewall telemetry, UDP 514 is the recommended protocol/port. Windows Firewall is very commonly configured in a way that blocks it.

Configuration

To allow inbound UDP 514 on the Windows host that acts as the syslog collector, follow the steps below:

Windows 10

  1. Go to Control Panel --> System and Security --> Windows Defender Firewall
  2. Select Allow an App through Windows Firewall
  3. Select Advanced Settings --> Inbound Rules
  4. Create a New Rule
  5. Port (click next) --> UDP
  6. Specify port 514 (click next)
  7. Allow Connection (click next)
  8. For when the rule applies, Domain, Public and Private should all be checked (click next)
  9. Name this rule "RocketCyber Syslog"
  10. Click Finish
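
The same rule can also be created and checked from an elevated PowerShell session, which is useful when the collector is set up on more than one host. This is an added example, not RocketCyber's own script; the `$remoteAddress` variable is an assumption introduced here, and its default of `Any` reproduces the GUI rule above.

```powershell
# Added example: scripted equivalent of the GUI steps above.
# Run in an elevated (Administrator) PowerShell session.

$ruleName      = 'RocketCyber Syslog'   # rule name from step 9
# Assumption, not part of the original steps: set this to the address of the
# firewall that sends syslog to narrow the rule. 'Any' matches the GUI rule.
$remoteAddress = 'Any'

# Create the rule only if it does not already exist, so re-running is safe.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound `
        -Protocol UDP `
        -LocalPort 514 `
        -Action Allow `
        -Profile Domain, Private, Public `
        -RemoteAddress $remoteAddress
}

# Read back what is actually configured: state, profiles, port and source scope.
$port = $rule | Get-NetFirewallPortFilter
$addr = $rule | Get-NetFirewallAddressFilter
[pscustomobject]@{
    Name          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Direction     = $rule.Direction
    Action        = $rule.Action
    Profile       = $rule.Profile
    Protocol      = $port.Protocol
    LocalPort     = $port.LocalPort
    RemoteAddress = $addr.RemoteAddress
} | Format-List

# An allow rule does not mean anything is listening. An empty result here
# means no process on this host has bound UDP 514 yet.
Get-NetUDPEndpoint -LocalPort 514 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```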