I'm trying to send syslog messages from a fortigate (v6.2.3) to a local syslog server using ipv6. I have ipv6 connectivity confirmed between the fortigate and the syslog server on the same network segment. When I assign the syslog server's ipv6 address in the "Send logs to syslog" setting on the fortigate, the syslog messages do not reach the syslog server (confirmed via wireshark). If I switch that ipv6 address to the ipv4 address of the syslog server the message begin showing up at the syslog server.
I am wondering if I can only achieve this by first sending the syslog log messages to a Fortianalyzer rather than directly from the fortigate? I thought the Fortigate was supposed to be able to handle this, maybe I'm missing something?
I think the main question is whether you have ipv6 connectivity from FortiGate to FAZ. Can you ping the FAZ, do you have correct routing? In a packet cpature, does the packet leave the FG on the correct interface to FAZ? Is the FAZ configured with IPv6 and routing for IPv6?
This may help on the FAZ side:
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.