Sending logs via VPN [RESOLVED]

Forum|Forum|15 years ago
May 31, 2011
5 replies
5270 views

Hi Guys, I have just received my first ever shiny FortiAnalyzer - SO EXCITED !! The FortiAnalyzer however is not local to the FortiGates it is due to be analyzing. I have a site-to-site VPN (setup using Interface mode on the Fortigate), and this VPN is working fine... but when I enter in the FortiAnalyzer IP into the Fortigate and hit the Test Connectivity button it says it cannot connect

Is there a special trick to route the Syslogs across a VPN like this ? Many thanks ! Matt

romanr

New Member

Hi, you will need to give your IPSec interface an ip address which is routable to the Analyzer an be sure you have allowed this traffic on the other end! That' s it actually! best regards, Roman

Jonathan_Schaffelu

New Member

Edit the configuration of your Fortianalizer and configure FortiGate interface through which the logs should be sent, usually because he had tried to send the logs over wan. Exemple: FGT60B $ config log fortianalyzer setting FGT60B (setting) $ get status : enable ips-archive : enable gui-display : disable address-mode : static server : 10.10.1.16 (FortiAnalizer) encrypt : disable psksecret : * localid : (null) conn-timeout : 10 source-ip : 0.0.0.0 FGT60B $ config log fortianalyzer setting FGT60B (setting) $ set source-ip 10.200.1.1 (Fortigate Internal IP) FGT60B (setting) $ end

A

Anonymous_UserAuthor

Contributor

Hi Roman / Jon, Thank you both for your quick replies!! Jon - I have actually enabled the full class-c subnet at each through the VPN, and can ping the FortiAnalyzer internal IP from the FortiGate LAN (but not from the FortiGate CLI... not sure if this is good - doubt it). Roman - I' m not quite sure where you mean for me to set the IPsec interface address... do you mean the Local Gateway IP (as per the attached image)... which I currently have as the default Main Interface IP ? Or somewhere else please ? Thanks so much for your help. Matt