Hi,
I am trying to configure the Syslog in a Forti1000D with FortiOS 5.6.11 but I have an issue.
Is there a way to send syslog traffic through another interface than the management one?
I have configured the "source-ip" parameter, but it is still throwing all the syslog traffic through the management interface instead of using the new one assigned to the configured IP.
For example, in Palo Alto Networks you can configure the "Services Routes" and throw all the Syslog through another interface and specify the IP that you prefer.
Is there something similar in Forti?
Thank you in advance.
I thought the outgoing interface was decided by routing. Have you changed the route for the syslog server to the interface you desire? If the server sits in the management network, then it should always go out through the internet connected to the network.
toshiesumi wrote: I thought the outgoing interface was decided by routing. Have you changed the route for the syslog server to the interface you desire? If the server sits in the management network, then it should always go out through the internet connected to the network.
Thank you for your reply.
We have routed the Syslog server network through the desired interface (LAN).
For example, if I try to ping or SSH the server with that source IP, it does so through the correct interface (we can see that by doing a packet capture in the forti and a tcpdump on the destination server).
The interfaces configuration is something like this:
MGT: 172.16.50.5
LAN: 192.168.100.30/24
Syslog Server: 10.100.100.50
Static Route:
If we try to connect to any IP of the Syslog server network (10.100.100.0/24), it works and we can see that the egress interface is always the LAN interface. But the Syslog (with the source-ip set to 192.168.100.30) goes through the MGT interface, and it doesn't work.
Any ideas?
Thank you in advance.
Maybe that's the condition/feature of "set dedicated-to management" on the interface. We have 1000Ds as well, but we split them into VDOMs so MGMT interfaces don't live on any of the customers' VDOMs, and we point each VDOM's syslog toward the customer's own interfaces simply with routing.
If you're OK with putting the management network on the regular routing table, you might want to test removing the management dedication to see if that's the case. Or better yet, open a TT at TAC if nobody else answers your question.