polarpanda
New Contributor II

Cannot Send Syslog to SolarWinds

Hi there,

I'm new to this community and FortiGate. I have a question about sending syslog from a public IP router to a private IP SolarWinds. The port for syslog is UDP 514 and it's already open in FortiGate. In order to send syslog from a public IP to a private IP, what else do I need to do? Do I need to set up an IPv4 policy? I have never used FortiGate before, so please forgive me if the question is stupid. Any advice would be helpful. Thank you!!

1 Solution
Toshi_Esumi
Esteemed Contributor III

It's not a matter of whether it's a public IP or a private one, but whether it's routable from the source to the destination, as well as the returning route.

I'm assuming the source (router) sits outside of the FGT and the syslog server's private IP is currently not reachable (no route for that on the router). And another assumption is the router is at the same location as the FGT and the syslog server. Then you need to decide if you want to simply route through the FGT since it's secure enough to make a hole at the NATed outside-facing interface, or let the router send syslog to the NAT outside interface then set a VIP to map port 514 to the syslog internal IP.

Sounds like you already decided to do the former, so the only thing you need to do at the FGT is to have proper routes, in case those are not directly connected, and a policy from the router-side interface to the syslog-server-side interface to let it come through without NAT. These wouldn't change with whatever FW type you have experience with before. Of course the router needs a route toward the FGT for the syslog server IP.
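
The routed, no-NAT option from the answer above, sketched as FortiOS CLI. This is an added example, not part of the original post. The interface names (`port1` router side, `port2` syslog side), object and policy names, and both IP addresses are constructed placeholders, and the syslog server's subnet is assumed to be directly connected to the FGT, so no static route is added. Lines starting with `#` are annotations.

```fortios
# Address objects: pin the policy to one sender and one receiver (/32 each)
config firewall address
    edit "router-src"
        # placeholder: the router's source IP
        set subnet 203.0.113.10 255.255.255.255
    next
    edit "syslog-srv"
        # placeholder: the SolarWinds syslog server's private IP
        set subnet 10.10.10.50 255.255.255.255
    next
end

# Policy from the router-side interface to the syslog-server-side interface
config firewall policy
    edit 0
        set name "router-syslog-in"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "router-src"
        set dstaddr "syslog-srv"
        set action accept
        set schedule "always"
        # predefined SYSLOG service (UDP 514), not "ALL"
        set service "SYSLOG"
        # routed through as-is, no source NAT
        set nat disable
        set logtraffic all
    next
end
```

Scoping the source to the router's single address and the service to SYSLOG keeps the opening on the outside-facing interface as narrow as the routed design allows; the router still needs its own route toward the FGT for the syslog server IP.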
