Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ykenny
Staff
Staff

Does it work when i set the "syslog source" as 0.0.0.0 in FAC FSSO ?

Hi, FAC masters,

As the title, since the customer's Radius server sent syslog from different source IP addresses. So I have to set several IP as source as well, In case not miss any, can i just set it as 0.0.0.0 ?I found it could save, but not sure it works alright.

Thanks!

1694683646105.jpg

 
2 REPLIES 2
saneeshpv_FTNT

Hi @ykenny 

 

Did you see this article, I hope you would have. 

 

https://docs.fortinet.com/document/fortiauthenticator/6.5.3/administration-guide/713528/syslog-sourc...

 

It says,

"Each syslog source must be defined for the syslog daemon to accept traffic. Each source must also be configured with a matching rule (either pre-defined or custom built; see below), and syslog service must be enabled on the network interface(s) that will listen to remote syslog traffic."

 

So I think we need to define them individually is what I think. But still we can see if anyone had an idea.

 

Best Regards,

xsilver_FTNT
Staff
Staff

Hi @ykenny 

 

simply NO. According to lab test I did it is not working when I use rule on client defined as 0.0.0.0.
Regardless it is accepted and saved to config. Probably simply because it is valid IP from range.
What I believe is that we do simple exact IP match between allowed sources and actual senders.
As your packet is not truly coming into FAC with src IP as 0.0.0.0, then it does not match and it is silently discarded. Not even logged .. which I would like to see.

 

Therefore if you need something like we have in RADIUS Service, where clients can be defined as range to netmask, so 10.0.0.0/24 for example would be valid source. Then this needs to pass through NFR. It would be nice enhancement, and we might have a code already (like that RADIUS), so no labor intensive, and should you have customer asking for it (in need), it might push and make that NFR happen. Go for it.

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC Staff Engineer

Top Kudoed Authors