FortiGate
xiaoj
Staff
Article Id 329669
Description

This article describes how to configure source NAT on FortiGate A for Syslog traffic that needs to go through the IPsec tunnel to reach the Syslog server behind FortiGate B.
Scope

Network setup:

 

Picture1.png

Solution

The site-to-site tunnel is up and running between 'Fortigate_A' and 'Fortigate_B'. The traffic between 192.168.100.0/24 and 10.220.8.0/24 is allowed to go through the IPsec tunnel.

 


 

The IP pool, 192.168.100.1-192.168.100.254, has been created for local LAN traffic source NAT.

 


 

For the Syslog traffic, configure a loopback interface with an IP address from the source NAT pool.

 


 

The loopback interface IP is used as the Syslog source IP.

 


 

The Syslog traffic is permitted by the phase 2 selector and forwarded to the Syslog server at the remote site.
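
The steps above expressed as FortiOS CLI on FortiGate A, as an added example that is not part of the original article. The interface name lo_syslog, the tunnel names, the VDOM, the loopback address 192.168.100.10 and the Syslog server address 10.220.8.50 are assumed values chosen to fit the subnets the article gives.

```fortios
# Added example: names and host addresses are assumptions,
# the two subnets and the pool range come from the article.

# 1. Loopback interface holding one address from the source NAT
#    pool range (192.168.100.1-192.168.100.254).
config system interface
    edit "lo_syslog"
        set vdom "root"
        set type loopback
        set ip 192.168.100.10 255.255.255.255
        set allowaccess ping
    next
end

# 2. Send Syslog from the loopback address instead of the egress
#    interface address, so the packet matches the phase 2 selector.
config log syslogd setting
    set status enable
    set server "10.220.8.50"
    set source-ip "192.168.100.10"
end

# 3. Phase 2 selector that carries 192.168.100.0/24 <-> 10.220.8.0/24.
#    The loopback /32 falls inside src-subnet, so no extra selector is needed.
config vpn ipsec phase2-interface
    edit "to_FortiGate_B_p2"
        set phase1name "to_FortiGate_B"
        set src-subnet 192.168.100.0 255.255.255.0
        set dst-subnet 10.220.8.0 255.255.255.0
    next
end

# 4. Verify: generate test log entries, then confirm the Syslog packets
#    leave on the tunnel interface with source 192.168.100.10.
diagnose log test
diagnose sniffer packet any "host 10.220.8.50 and udp port 514" 4 10
```

If the sniffer shows the packets leaving a WAN interface with that interface's address as the source, the source-ip setting is not in effect and the Syslog traffic is bypassing the tunnel.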

 
