Not applicable

Sending logs via VPN [RESOLVED]

Hi Guys,

I have just received my first ever shiny FortiAnalyzer - SO EXCITED !! The FortiAnalyzer however is not local to the FortiGates it is due to be analyzing. I have a site-to-site VPN (set up using Interface mode on the FortiGate), and this VPN is working fine... but when I enter the FortiAnalyzer IP into the FortiGate and hit the Test Connectivity button it says it cannot connect.

Is there a special trick to route the Syslogs across a VPN like this?

Many thanks!
Matt
romanr
Valued Contributor

Hi, you will need to give your IPSec interface an IP address which is routable to the Analyzer and be sure you have allowed this traffic on the other end! That's it actually!

best regards, Roman
Jonathan_Schaffelu
New Contributor

Edit the configuration of your FortiAnalyzer and configure the FortiGate interface through which the logs should be sent, usually because it had tried to send the logs over WAN.

Example:

    FGT60B $ config log fortianalyzer setting
    FGT60B (setting) $ get
    status : enable
    ips-archive : enable
    gui-display : disable
    address-mode : static
    server : 10.10.1.16 (FortiAnalyzer)
    encrypt : disable
    psksecret : *
    localid : (null)
    conn-timeout : 10
    source-ip : 0.0.0.0

    FGT60B $ config log fortianalyzer setting
    FGT60B (setting) $ set source-ip 10.200.1.1 (FortiGate Internal IP)
    FGT60B (setting) $ end
Not applicable

Hi Roman / Jon,

Thank you both for your quick replies!!

Jon - I have actually enabled the full class-c subnet at each through the VPN, and can ping the FortiAnalyzer internal IP from the FortiGate LAN (but not from the FortiGate CLI... not sure if this is good - doubt it).

Roman - I'm not quite sure where you mean for me to set the IPsec interface address... do you mean the Local Gateway IP (as per the attached image)... which I currently have as the default Main Interface IP? Or somewhere else please?

Thanks so much for your help.
Matt
romanr
Valued Contributor

Hi Matt, have a look at System -> Interface ... you will see your Tunnel interfaces there, which by default don't have an address!

br, Roman
Not applicable

Thanks Roman - that did the trick !! CASE CLOSED
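
The fix from this thread as a FortiOS CLI sketch, added here as an example and not taken from any poster's configuration: number the tunnel interface, source the FortiAnalyzer log traffic from that address, then repeat the ping test from the FortiGate CLI using the same source. The tunnel name `to-HQ` and the 10.255.0.x tunnel addresses are constructed; 10.10.1.16 is the FortiAnalyzer address from the post above; lines starting with `#` are annotations, not commands.

```fortios
# 1. Give the IPsec tunnel interface an address. Interface-mode tunnels are
#    unnumbered by default, so traffic the FortiGate itself originates
#    (logs, CLI pings) has no source address the far end can route back to.
config system interface
    edit "to-HQ"
        # "to-HQ" and both tunnel addresses are constructed for this example.
        set ip 10.255.0.1 255.255.255.255
        # Far end's tunnel address. Assumption: older syntax shown here;
        # newer FortiOS releases expect a netmask after the address.
        set remote-ip 10.255.0.2
    next
end

# 2. Send FortiAnalyzer logs from the tunnel address instead of letting
#    the FortiGate pick the WAN address. An internal address already
#    allowed through the VPN (10.200.1.1 in the post above) also works.
config log fortianalyzer setting
    set status enable
    set server 10.10.1.16
    set source-ip 10.255.0.1
end

# 3. Reproduce the Test Connectivity check from the CLI with the same
#    source. The remote side needs a route back to 10.255.0.1 and a
#    policy that permits this traffic.
execute ping-options source 10.255.0.1
execute ping 10.10.1.16
```

The `get` output posted above shows `encrypt : disable`, so on this path the confidentiality of the log stream rests on the IPsec tunnel; pinning `source-ip` to an address that is only routed through the tunnel keeps the logs off the WAN path.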