SirichaiJi
New Member
September 6, 2018
Question

Sending syslog files from a FortiGate unit over a Site to Site tunnel

  • September 6, 2018
  • 1 reply
  • 12673 views

I have 2 sites, both with FTG 50E units, and the NAS server is a QNAP. The 2 sites are connected by a site-to-site VPN. I planned for both sites to send logs to the NAS server.

HQ can record logs to the NAS (192.168.10.26) because it is in the same subnet. But the Brand site can't send logs to the NAS.

 

At the moment the Brand site doesn't have any log records. How should I set this up?

 

Regards

Sirichai

 

HQ 192.168.10.0/24

      Nas 192.168.10.26

 

Brand 192.168.100.0/24


    Markus
    New Member
    September 6, 2018

    Do you have a policy in place? Brand FTG --> Tunnel --> NAS --> Syslog. Have you set the source IP in the syslog config? conf log syslogd* setting --> set source-ip 192.168.100.xx (your Brand FTG interface IP). Best,

    Markus

    SirichaiJi
    New Member
    September 6, 2018

    I think I didn't set a policy. Can you teach me, please?

     

    I configured it like this. For HQ, sending logs works.

     

    Note: I'm new to FortiGate.


    ######Brand Site#######
    config log syslogd setting
        set status enable
        set server "192.168.10.26"
        set reliable disable
        set port 514
        set facility syslog
        set source-ip ''
        set format default
    end

     

    #######HQ Site#######
    config log syslogd setting
        set status enable
        set server "192.168.10.26"
        set reliable disable
        set port 514
        set facility syslog
        set source-ip ''
        set format default
    end

     

    Markus
    New Member
    September 6, 2018

    On your Brand site you have to configure the source IP in the log settings: config log syslogd setting

        set source-ip 192.168.100.xx   --> this is your Brand office FTG interface IP

     

    On your HQ FTG you have to enable syslog to your NAS.

    Go to Policy & Objects and add a new rule:

    Source interface = your VPN interface

    Destination interface = the interface where the NAS is connected (I assume this is Internal or LAN)

    Source address = all (or create a new address object for your Brand FTG under Addresses)

    Destination address = your NAS

    Service = Syslog

     

    In the CLI the policy should look like this:

     

    config firewall policy
        edit 0    # 0 creates a new policy; give the number of an existing policy to edit it, and 'show' displays it
            set srcintf "Your BRAND FTG VPN Interface"
            set dstintf "Your HQ FTG LAN/Internal Interface"
            set srcaddr "all"    # or an address object for your Brand FTG LAN/Internal interface
            set dstaddr "Your NAS"    # address object for 192.168.10.26
            set action accept
            set schedule "always"
            set service "SYSLOG"
        next
    end
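Pulling the thread's advice together as one worked configuration for both FortiGates (an added example, not the poster's or Markus's own config). Interface names, address object names, the policy name and the phase 2 selectors are assumptions for a 192.168.100.0/24 Brand LAN behind a tunnel to the 192.168.10.0/24 HQ LAN: the tunnel interface is assumed to be called "to-HQ" on the Brand FTG and "to-Brand" on the HQ FTG, the NAS sits on the HQ "internal" interface, and the Brand FTG's LAN interface IP is assumed to be 192.168.100.1. The two things the thread only hints at are made explicit: the Brand FTG's self-originated syslog traffic never passes through its own firewall policies, but it does need a source IP that the tunnel's phase 2 selectors cover plus a route into the tunnel, and the HQ policy is scoped to the Brand FTG's single source IP rather than "all".

```fortios
######Brand Site: make the FortiGate's own syslog traffic enter the tunnel#######
# An empty source-ip makes the unit pick the egress interface address, which
# is typically not covered by the tunnel selectors. Pin it to the LAN IP.
config log syslogd setting
    set status enable
    set server "192.168.10.26"
    set reliable disable
    set port 514
    set facility syslog
    set source-ip 192.168.100.1    # assumed Brand FTG LAN interface IP, inside 192.168.100.0/24
    set format default
end

# Phase 2 selectors must include the source-ip above and the NAS address.
# Assumed tunnel name "to-HQ"; only the selector lines of the existing phase 2 are shown.
config vpn ipsec phase2-interface
    edit "to-HQ"
        set src-subnet 192.168.100.0 255.255.255.0
        set dst-subnet 192.168.10.0 255.255.255.0
    next
end

# Static route so 192.168.10.0/24 (and therefore the NAS) is reached via the tunnel interface.
config router static
    edit 0
        set dst 192.168.10.0 255.255.255.0
        set device "to-HQ"
    next
end

#######HQ Site: allow syslog arriving from the tunnel to reach the NAS#######
config firewall address
    edit "Brand-FGT"
        set subnet 192.168.100.1 255.255.255.255    # only the Brand FTG's source-ip, not the whole LAN
    next
    edit "NAS-QNAP"
        set subnet 192.168.10.26 255.255.255.255
    next
end

config firewall policy
    edit 0
        set name "Brand-syslog-to-NAS"
        set srcintf "to-Brand"    # assumed HQ-side tunnel interface name
        set dstintf "internal"    # assumed interface the NAS is connected to
        set srcaddr "Brand-FGT"
        set dstaddr "NAS-QNAP"
        set action accept
        set schedule "always"
        set service "SYSLOG"    # predefined object, UDP 514
        set logtraffic all      # optional: lets you confirm policy hits in the HQ traffic log
    next
end
```

To check it end to end, generate test entries on the Brand FTG with `diagnose log test` while running `diagnose sniffer packet any "host 192.168.10.26 and udp port 514" 4` on both units: if the packets leave the Brand FTG but never appear on the HQ FTG, check the phase 2 selectors and the route first; if they arrive on the HQ tunnel interface but never reach the NAS, the HQ policy is the problem. The HQ unit does not need a syslog source-ip because the NAS is on its own LAN, which is why the HQ config in the thread works with `set source-ip ''`. On newer FortiOS releases `set reliable disable` is replaced by `set mode udp`, but the rest of the block is unchanged.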