I would like to forward FortiSASE's syslog to an external syslog server.Currently, Fortigate with SPA license is connected to FortiSASE via VPN, but we would like to make a new VPN connection between FortiSASE and the network where the syslog server is located and forward FortiSASE syslogs.
With Fortigate, it is possible to forward syslogs by making a VPN connection to the network where the syslog server is located, but is it possible to do the same with FortiSASE?
If it is possible, does the device connecting the VPN have to be a Fortigate, or if it has to be a Fortigate, does it require an SPA license there as well?
Thank you.
You can try the following:
VPN tunnel between your Hub and the remote site where the syslog is located and send the logs from FortiSASE (SPA tunnel) >> Hub (VPN Tunnel) >> Remote Syslog server.
I don't believe that this is currently possible as the logs do not come from the FortiOS instances themselves, but from the FortiAnalyzer in the Analytics PoP. The FAZ does not use the customer's FOS instances to forward traffic so it therefore cannot use the SPA connectivity for the log forwarding.
Adrian is correct, I did verify this internally and currently Syslog forwarding to an external server is only supported to a public IP which means the syslog should be reachable via a Virtual IP behind a Fortigate or another Firewall.
If you choose to forward syslog to a public IP over Internet, it is highly recommended to enable reliable connection (TCP) and Secure Connection (TLS). In this case, the server must support syslog over TCP and TLS.
Forwarding syslog to a server via SPA link is currently planned to be implemented in a future release.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.