Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hbh
Staff
Staff

Created on ‎11-17-2022 10:30 PM

Technical Tip : Change Source IP for SYSLOG

Description This article describes how to change the source ip of Fortigate SYSLOG Traffic.
Scope FortiGate running single VDOM or multi-vdom.
Solution

FortiGate will use the source IP by default, as one of the egress interfaces.
In order to source the traffic from a loopback or from a different interface, the following settings have to be enabled:

FortiGate with Single VDOM:

 

# config log syslogd setting
    set status enable
    set server "x.x.x.x"  ==>==> Syslog Server IP 
    set source-ip y.y.y.y ==>==> source ip to use 
end


FortiGate with Multi-vdom:
Firewalls with multi-vdom can have a specific Syslog server for each VDOM.

 

To enable vdom-specific Syslog Server, the following feature has to be enabled:


# config vdom
    edit <vdom_name>

    config log setting

        set syslog-override enable  <----- This enables VDOM specific syslog server.

    end

 

To change the source-ip of vdom-specific syslog traffic:

 

# config log syslogd override-setting

    set server "x.x.x.x"   <----- Syslog Server IP.
    set source-ip y.y.y.y  <----- Source IP to use. 
end

 

987
0 Kudos
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.