Hai my client uses a separate interface for mgmt
Syslog, radius servers are behind another port on the firewall.
the source ip and interface ip mentioned is the mgmt interface and ip and its required for them,
But no syslog is being send. also radius connectivity fails.
There is a policy that allows traffic from management interface to the server port allowing syslog and radius.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
This is an local-out traffic, and does not pass via normal Firewall policy. It uses configured local in-traffic policies.
you need to enable ha-direct if the firewall is in a HA group. Check more details below.
Thanks for the reply,the firewalls are in ha and dedicated mgmt is not selected , will this suggested command above is applicable
set hbdev "ha" 0 "port16" 0
set session-pickup enable
set override disable
set priority 255
set group-name ....
Hello
To get more information regarding Radius fails, use the following CLI commands:
diagnose debug enable
diagnose debug application fnbamd 255
To stop this debug type:
diagnose debug application fnbamd 0
Hello @kevin001 ,
Thank you for contacting the Fortinet Forum portal.
Can you confirm before this behavior are there any firmware upgrades ?
what is the current firmware on the FortiGate device?
As mentioned by @rosatechnocrat the traffic for syslog is self-generated it doesn't fully relay on the firewall policy itself.
Please verify the configuration for Syslog :
Best regards,
Manasa.
If you feel the above steps helped resolve the issue, mark the reply as solved so that other customers can get it easily while searching for similar scenarios.
Dear Manasa
This is a new setup with two FortiGate firewalls in HA mode, Dedicated for management is not configured in HA. One interface is separately allocated for management with ip.
Syslog and ISE are connected to servers in port three, and the management ip is on port 1.
The firmware version is 7.2.9
We find while enabling syslog, it uses the interface ip facing Syslog server as the source
also for ISE source ip is the interface facing the server.
We need to check the possibility of the firewall using port 1 management ip as a source for ISE and syslog.
Also, I request another piece of advice regarding FSSO: if a user-based policy is also required instead of groups in FSSO, what kind of agent/collector setup is advised, as collector-only setup helps with group-based policy only it seems.
Thank you
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1709 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.