Troubleshooter_73
February 3, 2018
Question

FortiMail to FortiSandbox by SYSLOG hitting wrong interface


Hi to all,


I have a strange behavior here...

Equipment:

  • FortiGate 1500D with 5.6.3
  • FortiMail (located in the DMZ network attached to the FortiGate) with 5.4.3
  • FortiSandbox (located in the internal network attached to the FortiGate) with 2.3.3

I tried to connect the FortiGate to the FortiSandbox -> authorized -> works fine.

I tried to connect the FortiMail (Default Gateway is the Fortinet DMZ leg) -> FortiSandbox Server not available.


Hmm... -> FortiView

Oh, we have Threats here from FortiMail to FortiSandbox, and the Explicit Firewall Rule denies the Traffic.

Drill down -> Source (MAC of FortiMail Interface) -> Destination (MAC of Sandbox Interface) -> Application "RSH"


Ok, create a temp rule to allow any Traffic -> same behavior -> No Connection -> listed in the Threat list with the same Details.

Deeper dive, and now I was able to see that the "Source Interface" is port19 (DMZ Interface at the FortiGate) and the "Destination Interface" is mgmt1?!


Does anybody have an idea why the connection hits the mgmt1 interface???

As I wrote, the only route entry at the FortiMail is "ALL to FortiGate DMZ Interface".

At the FortiGate the Route to the internal is set to the Core Switch. Everything is working as expected (SMTP etc.); only the SYSLOG Traffic should be a problem here?


Thanks for any suggestion!
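As an added example (not code from the post, from Fortinet, or from any reply): a small Python script that parses FortiOS traffic-log lines and flags forwarded flows whose destination interface is a management port, which is exactly the pattern the post describes (srcintf port19, dstintf mgmt1, service RSH on TCP/514). The log lines, interface names, addresses and policy IDs are constructed for the example and are assumptions.

```python
"""Flag FortiGate traffic-log records whose egress interface is a management port.

Added example, not code from the forum post or from Fortinet. The log lines
below are constructed to mirror the situation in the post: FortiMail on the
DMZ interface (port19) talking to the FortiSandbox on TCP/514, hitting the
implicit deny, and logged with dstintf="mgmt1". Interface names, IPs and
field values are assumptions.
"""
import re
from typing import Dict, Iterable, List

# FortiOS log lines are space-separated key=value pairs; values are either
# bare tokens or double-quoted strings (quoted values may contain spaces).
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortios_log(line: str) -> Dict[str, str]:
    """Tokenise one FortiOS log line into a field dictionary."""
    fields: Dict[str, str] = {}
    for key, raw in _KV_RE.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]
        fields[key] = raw
    return fields


# Assumed names of the unit's dedicated management interfaces.
MGMT_INTERFACES = frozenset({"mgmt1", "mgmt2"})


def find_mgmt_egress_flows(lines: Iterable[str],
                           mgmt_ifaces=MGMT_INTERFACES) -> List[Dict[str, str]]:
    """Return forwarded traffic records that leave via a management interface.

    Transit traffic between two data interfaces should never be routed out of
    a management port. When it is, the routing table (not the firewall policy)
    is the first thing to check: a policy can only permit or deny the path the
    route lookup already chose.
    """
    hits = []
    for line in lines:
        rec = parse_fortios_log(line)
        if rec.get("type") != "traffic" or rec.get("subtype") != "forward":
            continue
        if rec.get("dstintf") in mgmt_ifaces and rec.get("srcintf") not in mgmt_ifaces:
            hits.append(rec)
    return hits


def describe_flow(rec: Dict[str, str]) -> str:
    """One-line summary of a flow record, with a hint for the TCP/514 case."""
    proto = {"6": "tcp", "17": "udp"}.get(rec.get("proto", ""), rec.get("proto", "?"))
    note = ""
    # TCP/514 is the rsh port in the IANA registry and matches the predefined
    # RSH service object, so the log's service name is port-based, not proof
    # that the application itself is rsh.
    if rec.get("dstport") == "514" and proto == "tcp":
        note = " (TCP/514 is registered as rsh; service name RSH is port-based)"
    return (f'{rec.get("srcintf")} -> {rec.get("dstintf")}: '
            f'{rec.get("srcip")}:{rec.get("srcport")} -> '
            f'{rec.get("dstip")}:{rec.get("dstport")}/{proto} '
            f'service={rec.get("service")} action={rec.get("action")} '
            f'policyid={rec.get("policyid")}{note}')


# Constructed sample log lines (not real device output).
SAMPLE_LOGS = [
    'date=2018-02-03 time=10:15:01 logid="0000000013" type="traffic" subtype="forward" '
    'level="notice" srcip=10.10.20.5 srcport=41234 srcintf="port19" dstip=10.0.5.10 '
    'dstport=514 dstintf="mgmt1" proto=6 action="deny" policyid=0 service="RSH"',
    'date=2018-02-03 time=10:15:02 logid="0000000013" type="traffic" subtype="forward" '
    'level="notice" srcip=10.10.20.5 srcport=40001 srcintf="port19" dstip=192.0.2.25 '
    'dstport=25 dstintf="port1" proto=6 action="accept" policyid=12 service="SMTP"',
    'date=2018-02-03 time=10:15:03 logid="0000000014" type="traffic" subtype="local" '
    'level="notice" srcip=10.0.5.10 srcport=51000 srcintf="mgmt1" dstip=10.0.5.1 '
    'dstport=443 dstintf="root" proto=6 action="accept" policyid=0 service="HTTPS"',
]

if __name__ == "__main__":
    for rec in find_mgmt_egress_flows(SAMPLE_LOGS):
        print(describe_flow(rec))
```

Run as-is it prints the single flagged flow (port19 -> mgmt1 to the sandbox address on TCP/514). The other half of the check happens on the FortiGate itself: `get router info routing-table details <sandbox-ip>` shows which interface the route lookup selects for the FortiSandbox address, and a firewall policy from the DMZ interface can only allow the flow on the interface that lookup returns.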