BLUEMAX NGF

Last updated Mar 16, 2025

Install Guide

Bluemax NGF

Create Administrator Account

Create a dedicated administrator account for Logpresso connection on the Bluemax NGF device.

Adding a Bluemax NGF administrator account

  • ID: Must contain a mix of letters and numbers.
  • Access Level: Select Level 2 (allows administrative functions excluding system shutdown and restart).

Generate API Key

  1. Log in with the dedicated Logpresso account, then click the account ID from the left menu.

  2. In Edit Administrator > Advanced Settings, enable External Client Integration and click Settings.

    Bluemax NGF external client integration

  3. Click Regenerate to generate the Client ID and Client Secret. Store them securely.

    Bluemax NGF API key issuance

  4. Click OK to close the settings window and log out.

Note
While Logpresso uses the REST API, the Logpresso1 admin account cannot access Bluemax NGF via the web interface.

Add Address Group

If you want to integrate using address group synchronization (instead of blocklist sync):

  1. Go to Object/Security Profile > Address Objects.
  2. Click Group Objects, then Add from the toolbar.
  3. Enter the required properties and click OK.
    • Group Name: Unique address group name (e.g., Logpresso)
    • Zone: External
    • Included Objects: Add at least one dummy object to create the group.

Logpresso

Configure Connection Profile

Refer to this guide to add a connection profile.

Logpresso Bluemax NGF connection profile settings

Required fields are highlighted in light blue:

  • Name: Unique name for the profile
  • Code: Used in queries
  • Type: Bluemax NGF
  • Endpoint: Bluemax NGF API endpoint in the format https://IP
  • Client ID: Client ID from Bluemax NGF API key
  • Client Secret: Client secret from Bluemax NGF API key
  • Idle Timeout: 5 minutes (optional, for auto-logout of inactive sessions)

After configuration, you can use Bluemax NGF extended commands in queries and playbooks.

Configure Block Integration

To automatically block detected attacker IPs, refer to this guide.

Logpresso Bluemax NGF block integration settings

Required fields are highlighted in light blue:

  • Name: Unique name for the block integration
  • Response Model: Bluemax NGF
  • Connection Profile: Bluemax NGF connection profile
  • Address Group: Select or create an address group.
  • Group Object Name: Leave empty to sync with the blocklist, or enter the group object name (e.g., Logpresso) to sync with an address group
  • Traffic Direction: Select IN, OUT, or BOTH (default: BOTH)
  • Exception IPs: Enter the exception IPs as a comma-separated list to prevent accidental blocking of critical asset IP addresses and avoid service disruptions. Adding the firewall management IPs is recommended.
  • Block Duration: Duration in days (default: 365)

When you add an IP address to Logpresso's IP blocklist, it will sync automatically to the Bluemax NGF device's blacklist policy or address group.

If you specify a group object name, configure a firewall rule on Bluemax NGF to block IPs using the Logpresso group object.

You can also configure detection rules to automatically add attacker IPs to the blocklist when threats are detected, or manually add source or destination IPs from a ticket to the blocklist, allowing immediate firewall blocking of threat IPs.
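
A pre-deployment check for the Exception IPs field described above, as an added example (not Logpresso or Bluemax NGF code). It assumes the field holds single IP addresses only; the function names, report keys and sample values are constructed for illustration.

```python
import ipaddress

def parse_exception_ips(field):
    """Split the comma-separated field; return (valid address set, rejected entries)."""
    valid, rejected = set(), []
    for raw in field.split(","):
        item = raw.strip()
        if not item:
            continue  # tolerate trailing commas
        try:
            valid.add(ipaddress.ip_address(item))
        except ValueError:
            rejected.append(item)
    return valid, rejected

def review_block_candidates(candidates, exception_field, management_ips):
    """Report what the exception list would and would not protect."""
    exceptions, rejected = parse_exception_ips(exception_field)
    mgmt = {ipaddress.ip_address(ip) for ip in management_ips}
    report = {
        "rejected_entries": rejected,
        "unprotected_management_ips": sorted(str(ip) for ip in mgmt - exceptions),
        "would_block": [],
        "skipped_as_exception": [],
        "invalid_candidates": [],
    }
    for raw in candidates:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            report["invalid_candidates"].append(raw)
            continue
        key = "skipped_as_exception" if ip in exceptions else "would_block"
        report[key].append(str(ip))
    return report

# Constructed sample values (documentation address ranges), not from a real deployment.
EXCEPTION_FIELD = "192.0.2.10, 192.0.2.20 ,192.0.2.300,"
MANAGEMENT_IPS = ["192.0.2.10", "192.0.2.11"]
CANDIDATES = ["203.0.113.7", "192.0.2.20", "not-an-ip"]

if __name__ == "__main__":
    for key, value in review_block_candidates(CANDIDATES, EXCEPTION_FIELD, MANAGEMENT_IPS).items():
        print(f"{key}: {value}")
```

A non-empty rejected_entries or unprotected_management_ips list means the field should be corrected before the block integration is enabled.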

Configure Logger

Refer to this guide to configure a logger. The default dashboards and datasets reference tables that start with FW_BLUEMAX.

Bluemax NGF logger settings

Required fields are highlighted in light blue:

  • Name: Unique name for the logger
  • Interval: 60 seconds
  • Storage: Select an appropriate node based on your Logpresso platform configuration.
  • Logger Model: Bluemax NGF
  • Table: Table name starting with FW_BLUEMAX
  • Remote IP: IP address of the Bluemax NGF device sending logs

Once completed, Bluemax NGF logs will start collecting, and dashboards will update.