Hi,
This is the scenario
A VDOM named Mycompany is the main traffic VDOM
A VDOM named MGMTFGD is responsible for connecting to Fortiguard (It's marked as the management VDOM)
A VDOM named OOB is going to be used for admin interaction and also for sending logs to FortiAnalyzer
The Global VDOM is also present
I want all the VDOMs' logs (especially those of MGMTFGD and Mycompany) to be sent to FortiAnalyzer, which is reachable via the OOB VDOM.
When configuring FAZ-Override settings in Mycompany VDOM, I just have two options:
1- Sending logs through the VDOM itself
2- Sending logs through the management VDOM which is MGMTFGD
In the command line, I cannot find any command to make the firewall send logs neither through the VDOM itself nor through the management VDOM (here MGMTFGD), but through a third VDOM, which is OOB.
And for security reasons I'm not going to change (switch management) the FortiGuard VDOM to OOB.
Hope it's all clear.
Regards,
We can use inter-VDOM links - https://docs.fortinet.com/document/fortigate/6.2.13/cookbook/335646/inter-vdom-routing
For example, create a VDOM link between MGMTFGD and OOB and then add a route on MGMTFGD towards FortiAnalyzer pointing to the VDOM link towards OOB. The same needs to be done for the other VDOMs as well.
Created on 03-21-2023 01:21 AM Edited on 03-21-2023 01:23 AM
Hi,
You're totally right, but isn't there an easier way of accomplishing this? This needs inter-VDOM links, routing definitions, and opening a path between the secure FortiGuard VDOM and the internal management OOB interface, which in turn brings some security considerations with it.
I mean, an option or command to define in config log fortianalyzer settings just to say:
set vdom OOB
If not, do you think this can be put as a feature request?
Regards,
This is how I see it.
The idea of VDOMs is to separate one FW into multiple logical firewalls. Let's say VDOM1 is for customer1 and VDOM2 is for customer2; ideally customer1 won't be using customer2's setup to send their logs. If they still want to do it, they can create a connection between them (physical links or the vlinks).
Feel free to share your thoughts.
Created on 03-21-2023 04:20 AM Edited on 03-21-2023 04:22 AM
Hmm...
I have always looked at the concept of VDOMs with another goal in mind too, and that is separating some routes, traffic and policies within a big organization.
Anyway, I think adding a simple set vdom command for FAZ logs would not be a bad idea.
For now, I'll go with the Inter-VDOM link for doing the job.
Regards,