I have 2 sites with FTG, both are 50E, and the NAS server is a QNAP. The 2 sites are connected by a site-to-site VPN. I planned for both sites to send logs to the NAS server.
HQ can record logs to the NAS (192.168.10.26) because it is in the same subnet. But the branch site can't send logs to the NAS.
At the moment the branch site doesn't have any log recording. How should I set it up?
Regards
Sirichai
HQ 192.168.10.0/24
Nas 192.168.10.26
Brand 192.168.100.0/24
Do you have a policy in place? --- Branch FTG --> Tunnel --> NAS --> Syslog --- Have you set the source IP in the syslog config? config log syslogd setting --> set source-ip 192.168.100.xx (your branch FTG interface IP) Best,
Markus
________________________________________________________
--- NSE 4 ---
________________________________________________________
In the policy I think I didn't set it. Can you teach me please?
I configured it like this. For HQ, sending logs works.
Note: I am new to FortiGate.
######Brand Site#######
config log syslogd setting
set status enable
set server "192.168.10.26"
set reliable disable
set port 514
set facility syslog
set source-ip ''
set format default
end
#######HQ Site#######
config log syslogd setting
set status enable
set server "192.168.10.26"
set reliable disable
set port 514
set facility syslog
set source-ip ''
set format default
end
On your branch site you have to configure the source IP in the log settings:
config log syslogd setting
set source-ip 192.168.100.xx --> this is your branch office FTG interface IP
end
On your HQ FTG you have to enable syslog to your NAS.
Go to Policy & Objects and add a new rule:
Source interface = your VPN interface
Destination interface = the interface where the NAS is connected (I assume this is Internal or LAN)
Source address = all (or create a new address object for your branch FTG under Addresses)
Destination address = your NAS
Service = SYSLOG
In the CLI the policy should look like this:
config firewall policy
edit # "the number of the policy"
show
set srcintf "Your BRAND FTG VPN Interface"
set dstintf "Your HQ FTG LAN/Internal Interface"
set srcaddr "all" or "Your BRAND FTG LAN/Internal address object"
set dstaddr "Your NAS" e.g. 192.168.10.26
set action accept
set schedule always
set service SYSLOG
next
end
________________________________________________________
--- NSE 4 ---
________________________________________________________
I configured it like this. How do I test whether it works?
config firewall policy
edit 36
set name "LOG from Brand"
set srcintf "S2S-XXXXX-XXX"
set dstintf "VLAN24" ## Vlan is 192.168.10.24/29
set srcaddr "all"
set dstaddr "VLAN24"
set action accept
set status enable
set schedule "always"
set service "SYSLOG"
next
end
config log syslogd setting
set status enable
set server "192.168.10.26"
set reliable disable
set port 514
set facility syslog
set source-ip "192.168.100.1"
set format default
end
Hi,
Check if you can see any logs on the syslog server. Also allow ping in the HQ policy to check reachability to the syslog server from the branch device.
The command to ping from the branch device is:
execute ping-options source 192.168.100.1
execute ping (syslog server IP)
Ashik
Still not working.
Hi,
Just run the sniffer command below and check whether the ICMP traffic is reaching the HQ FGT:
FGT-HQ# diagnose sniffer packet any "(host 192.168.100.1) and icmp" 4
Branch: do a source ping from the FortiGate.
FGT-BR: execute ping-options source 192.168.100.1
FGT-BR: execute ping (NAS IP)
Regards,
Ashik
Hi, still not working. In HQ I've designed it with VLANs.
Is something wrong?
FTG-HQ: Incoming: VPN site-to-site interface
Outgoing: NAS (Vlan24) # 192.168.10.25 GW (192.168.10.24/29) # NAS is 10.26
Source: BR-Lan # 192.168.100.0/24
Destination: NAS LOG # 192.168.10.24/29
Service: Log
Action
NAT: Off
Log all sessions
FTG-HQ:
# diagnose sniffer packet 192.168.100.1 icmp4
interfaces=[192.168.100.1]
filters=[icmp4]
pcap_open_live: 192.168.100.1: No such device exists (SIOCGIFHWADDR: No such device) for 192.168.100.1
execute ping-options source 192.168.100.1
FTG-BR $ execute ping 192.168.10.26
PING 192.168.10.26 (192.168.10.26): 56 data bytes
64 bytes from 192.168.10.26: icmp_seq=0 ttl=63 time=2.8 ms
64 bytes from 192.168.10.26: icmp_seq=1 ttl=63 time=2.7 ms
64 bytes from 192.168.10.26: icmp_seq=2 ttl=63 time=2.7 ms
64 bytes from 192.168.10.26: icmp_seq=3 ttl=63 time=2.7 ms
64 bytes from 192.168.10.26: icmp_seq=4 ttl=63 time=2.7 ms
FTG-BR:
$ show log syslogd setting
config log syslogd setting
set status enable
set server "192.168.10.26"
set facility syslog
set source-ip "192.168.100.1"
end
Hi, I checked log file. The log both site has been record. But in the file log was record both site in 1 File. I want to 2site 2 file
Copyright 2024 Fortinet, Inc. All Rights Reserved.