Does it work when I set the "syslog source" as 0.0.0.0 in FAC FSSO?
Hi, FAC masters,
As the title says, the customer's RADIUS server sends syslog from different source IP addresses, so I have to set several IPs as sources as well. So as not to miss any, can I just set it as 0.0.0.0? I found it could be saved, but I am not sure it works all right.
"Each syslog source must be defined for the syslog daemon to accept traffic. Each source must also be configured with a matching rule (either pre-defined or custom built; see below), and syslog service must be enabled on the network interface(s) that will listen to remote syslog traffic."
So I think we need to define them individually. But still, we can see if anyone has an idea.
Simply NO. According to a lab test I did, it does not work when I use a rule on a client defined as 0.0.0.0, regardless of the fact that it is accepted and saved to the config. That is probably simply because it is a valid IP from the range. What I believe is that we do a simple exact IP match between allowed sources and actual senders. As your packet is not truly coming into FAC with src IP 0.0.0.0, it does not match and it is silently discarded. Not even logged, which I would like to see.
Therefore, if you need something like we have in the RADIUS Service, where clients can be defined as a range with a netmask, so that 10.0.0.0/24, for example, would be a valid source, then this needs to go through an NFR. It would be a nice enhancement, and we might have the code already (like that RADIUS one), so it would not be labor intensive, and should you have a customer asking for it (in need), it might push and make that NFR happen. Go for it.
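An added illustration, not part of the thread and not FortiAuthenticator code: it models the exact-IP comparison the last reply suspects next to the netmask-style matching described for RADIUS clients, and lists which senders would be discarded under each. The function names and the sender addresses are constructed for the example.

```python
import ipaddress

def exact_match(sender, allowed):
    """Assumed model: a sender is accepted only if it equals a configured source IP."""
    s = ipaddress.ip_address(sender)
    return any(s == ipaddress.ip_address(a) for a in allowed)

def network_match(sender, allowed_nets):
    """Assumed model of range/netmask matching, e.g. 10.0.0.0/24."""
    s = ipaddress.ip_address(sender)
    return any(s in ipaddress.ip_network(n) for n in allowed_nets)

def audit(senders, allowed, matcher):
    """Return the distinct senders whose syslog would be dropped, in address order."""
    dropped = {s for s in senders if not matcher(s, allowed)}
    return sorted(dropped, key=ipaddress.ip_address)

# Constructed sample: source IPs observed on syslog packets from the RADIUS server.
SENDERS = ["10.0.0.11", "10.0.0.12", "10.0.0.12", "10.0.0.27"]

if __name__ == "__main__":
    # 0.0.0.0 is a valid address, so it saves, but no real packet carries it as source.
    print("exact, 0.0.0.0      :", audit(SENDERS, ["0.0.0.0"], exact_match))
    # Enumerating sources individually works, but one missed sender is dropped.
    print("exact, two sources  :", audit(SENDERS, ["10.0.0.11", "10.0.0.12"], exact_match))
    # Netmask matching covers the whole sender range with one entry.
    print("network, 10.0.0.0/24:", audit(SENDERS, ["10.0.0.0/24"], network_match))
```

Feeding `audit` the source addresses seen in a packet capture on the listening interface, together with the configured syslog sources, shows which senders still need their own entry.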