Support Forum
mhdganji
Contributor

Send logs to fortianalyzer from a VDOM except itself and the management

Hi,

This is the scenario

A VDOM named Mycompany is the main traffic VDOM

A VDOM named MGMTFGD is responsible for connecting to Fortiguard (It's marked as the management VDOM)

A VDOM named OOB is going to be used for Admins interaction and also sending logs to Fortianalyzer

The Global VDOM is also present

 

I want all the VDOMs' logs (especially those of MGMTFGD and Mycompany) to be sent to the FortiAnalyzer, which is reachable via the OOB VDOM.

 

When configuring FAZ-Override settings in Mycompany VDOM, I just have two options:

1- Sending logs through the VDOM itself

2- Sending logs through the management VDOM which is MGMTFGD

 

In the command line, I cannot find any command to make the firewall send logs neither through itself nor through the management VDOM (here MGMTFGD), but through a third VDOM, which is OOB.

And for security reasons I'm not going to change (switch management) the FortiGuard VDOM to OOB.

 

Hope it's all clear.

 

Regards,

 

M. Ganji, Network & Security Expert.
1 Solution
srajeswaran
Staff

We can use inter-VDOM links - https://docs.fortinet.com/document/fortigate/6.2.13/cookbook/335646/inter-vdom-routing

 

For example, create a VDOM link between MGMTFGD and OOB, and then add a route on MGMTFGD towards the FortiAnalyzer pointing to the VDOM link towards OOB. The same needs to be done for the other VDOMs as well.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

4 Replies
mhdganji

Hi,

You're totally right, but isn't there an easier way of accomplishing this? This needs inter-VDOM links, routing definitions and opening a path between the secure FortiGuard VDOM and the internal management OOB interface, which in turn brings some security considerations in between.

 

I mean, an option or command to define in config log fortianalyzer settings just to say:

 

set vdom OOB

 

If not, do you think this can be put as a feature request?

 

Regards,

M. Ganji, Network & Security Expert.
srajeswaran

This is how I see it.

The idea of a VDOM is to separate one FW into multiple logical firewalls. Let's say VDOM1 is for customer1 and VDOM2 is for customer2; ideally customer1 won't be using customer2's setup to send their logs. If they still want to do it, they can create a connection between them (physical links or the vlinks).
Feel free to share your thoughts.

Regards,

Suraj


mhdganji

Hmm...

I have always looked at the concept of VDOMs for another goal too, and that is separating some routes, traffic and policies within a big organization.

 

Anyway I think putting a simple set vdom command for FAZ logs would not be a bad idea.

For now, I'll go with the Inter-VDOM link for doing the job.

 

Regards,

M. Ganji, Network & Security Expert.