mhdganji
Explorer III
March 21, 2023
Solved

Send logs to FortiAnalyzer from a VDOM except itself and the management


Hi,

This is the scenario

A VDOM named Mycompany is the main traffic VDOM.

A VDOM named MGMTFGD is responsible for connecting to FortiGuard (it's marked as the management VDOM).

A VDOM named OOB is going to be used for admin interaction and also for sending logs to FortiAnalyzer.

The Global VDOM is also present.

I want all the VDOMs' logs (especially MGMTFGD and Mycompany) to be sent to FortiAnalyzer, which is reachable via the OOB VDOM.

 

When configuring the FAZ override settings in the Mycompany VDOM, I have just two options:

1- Sending logs through the VDOM itself

2- Sending logs through the management VDOM, which is MGMTFGD

In the command line, I cannot find any command to make the firewall send logs not through itself or the management VDOM (here MGMTFGD), but through a third VDOM, which is OOB.

And for security reasons I'm not going to change (switch management) the FortiGuard VDOM to OOB.

Hope it's all clear.

 

Regards,

 

Best answer by srajeswaran

We can use inter-VDOM links - https://docs.fortinet.com/document/fortigate/6.2.13/cookbook/335646/inter-vdom-routing

For example, create a VDOM link between MGMTFGD and OOB and then add a route on MGMTFGD towards FortiAnalyzer pointing to the VDOM link towards OOB. The same needs to be done for the other VDOMs as well.
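A concrete version of the path described in the answer above, as an added example that is not part of the original thread or of Fortinet's documentation. It assumes a FortiAnalyzer at 192.0.2.10, an OOB VDOM interface named port1 that faces it, a point-to-point /30 (10.255.0.0/30) on the inter-VDOM link, and the default FortiAnalyzer log transport on TCP/514; every name and address is a placeholder. The OOB policy is deliberately narrow to address the concern that follows in the thread: only the link /30 may reach only the FortiAnalyzer address on only the log port, and there is no policy in the reverse direction, so nothing on the OOB side can initiate a connection into MGMTFGD. Because MGMTFGD is the management VDOM, a VDOM such as Mycompany that keeps the second of the two override options from the question (send through the management VDOM) rides the same route without a link of its own; a VDOM that must log from its own routing table needs its own vlink, route and policy, built the same way.

```fortios
# Added example (not from the original thread). Placeholders:
#   192.0.2.10     FortiAnalyzer, reachable only from the OOB VDOM
#   port1          OOB VDOM interface that faces the FortiAnalyzer
#   10.255.0.0/30  point-to-point subnet for the inter-VDOM link
# The vdom-link name "faz-link" creates two interfaces, faz-link0 and faz-link1.

config global
    config system vdom-link
        edit "faz-link"
        next
    end
    config system interface
        edit "faz-link0"
            set vdom "MGMTFGD"
            set ip 10.255.0.1 255.255.255.252
            set allowaccess ping
        next
        edit "faz-link1"
            set vdom "OOB"
            set ip 10.255.0.2 255.255.255.252
            set allowaccess ping
        next
    end
    # The management VDOM is the log source; pin the source IP to its end of the link
    # so the OOB policy below can match it precisely.
    config log fortianalyzer setting
        set status enable
        set server "192.0.2.10"
        set source-ip 10.255.0.1
    end
end

# MGMTFGD: a host route for the FortiAnalyzer only, so no other traffic
# from the FortiGuard-facing VDOM is attracted over the link.
config vdom
    edit MGMTFGD
        config router static
            edit 0
                set dst 192.0.2.10 255.255.255.255
                set gateway 10.255.0.2
                set device "faz-link0"
            next
        end
    next
end

# OOB: accept only log traffic (TCP/514) from the link subnet to the FortiAnalyzer.
# No policy exists from port1 to faz-link1, so OOB cannot initiate into MGMTFGD.
config vdom
    edit OOB
        config firewall address
            edit "faz-link-net"
                set subnet 10.255.0.0 255.255.255.252
            next
            edit "FortiAnalyzer"
                set subnet 192.0.2.10 255.255.255.255
            next
        end
        config firewall service custom
            edit "FAZ-log"
                set tcp-portrange 514
            next
        end
        config firewall policy
            edit 0
                set name "MGMTFGD-to-FAZ-logs"
                set srcintf "faz-link1"
                set dstintf "port1"
                set srcaddr "faz-link-net"
                set dstaddr "FortiAnalyzer"
                set action accept
                set schedule "always"
                set service "FAZ-log"
                set logtraffic all
            next
        end
    next
end

# Mycompany: state explicitly that its logs go out via the management VDOM,
# which now routes them over faz-link into OOB.
config vdom
    edit Mycompany
        config log fortianalyzer override-setting
            set override enable
            set use-management-vdom enable
        end
    next
end
```

To check the result, run `get router info routing-table details 192.0.2.10` inside MGMTFGD (it should resolve to faz-link0) and `execute log fortianalyzer test-connectivity` from the global context; the accepted sessions on the OOB policy, visible because of `set logtraffic all`, confirm that only TCP/514 from 10.255.0.1 is crossing the link.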


mhdganji (Author)
Explorer III
March 21, 2023

Hi,

You're totally right, but isn't there an easier way of accomplishing this? This needs inter-VDOM links, routing definitions and opening a path between the secure FortiGuard VDOM and the internal management OOB interface, which in turn brings some security considerations into play.

I mean, an option or command to define in config log fortianalyzer settings, just to say:

set vdom OOB

If not, do you think this can be put in as a feature request?

 

Regards,

srajeswaran
Staff
March 21, 2023

This is how I see it.

The idea of a VDOM is to separate one FW into multiple logical firewalls. Let's say VDOM1 is for customer1 and VDOM2 is for customer2; ideally customer1 won't be using customer2's setup to send their logs. If they still want to do it, they can create a connection between them (physical links or the vlinks).

Feel free to share your thoughts.