Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
just_another_technic
New Contributor

How to send syslog through another interface than management

Hi,

I am trying to configure the Syslog in a Forti1000D with FortiOS 5.6.11 but I have an issue.

Is there a way to send syslog traffic through another interface than the management one?

I have configured the "source-ip" parameter, but it is still throwing all the syslog traffic through the management interface instead of using the new one assigned to the configured IP.

For example, in Palo Alto Networks you can configure the "Service Routes" and throw all the Syslog through another interface and specify the IP that you prefer.

Is there something similar in Forti?

Thank you in advance.

Toshi_Esumi
Esteemed Contributor III

I thought the outgoing interface was decided by routing. Have you changed the route for the syslog server to the interface you desire? If the server sits in the management network, then it should always go out through the internet connected to the network.

just_another_technic

toshiesumi wrote:

I thought the outgoing interface was decided by routing. Have you changed the route for the syslog server to the interface you desire? If the server sits in the management network, then it should always go out through the internet connected to the network.

Thank you for your reply.

We have routed the Syslog server network through the desired interface (LAN).

For example, if I try to ping or SSH the server with that source IP, it goes through the correct interface (we can see that doing a packet capture in the forti and a tcpdump in the destination server).

The interfaces configuration is something like this:

MGT: 172.16.50.5

LAN: 192.168.100.30/24

Syslog Server: 10.100.100.50

Static Route:

  • Destination: 10.100.100.0/24
  • Interface: LAN
  • Gateway: 192.168.100.10

If we try to connect to any IP of the Syslog server network (10.100.100.0/24), it works and we can see that the egress interface is always the LAN interface. But the Syslog (with the source-ip set to 192.168.100.30) goes through the MGT interface, and it doesn't work.

Any ideas?

Thank you in advance.

Toshi_Esumi

Maybe that's the condition/feature of "set dedicated-to management" on the interface. We have 1000Ds as well but we split them into VDOMs so MGMT interfaces don't live on any of the customer's VDOMs, and we point the VDOM's syslog toward the customer's own interfaces simply with routing.

If you're ok putting the management network on the regular routing table, you might want to test removing management dedication to see if that's the case. Or better yet, open a TT at TAC if nobody else answers your question.
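As an added example (not from any poster in this thread), this is what the setup discussed above looks like in FortiOS CLI, followed by the check for the "dedicated-to management" condition Toshi suspects and the commands to verify which interface the syslog packets really leave on. The interface names "mgmt1" and "LAN" and the static route sequence number 1 are assumptions.

```fortios
# 1. Syslog destination with the LAN address as source IP, as the poster configured.
config log syslogd setting
    set status enable
    set server "10.100.100.50"
    set source-ip "192.168.100.30"
end

# 2. Static route for the syslog server network via the LAN interface.
config router static
    edit 1
        set dst 10.100.100.0 255.255.255.0
        set gateway 192.168.100.10
        set device "LAN"
    next
end

# 3. Check whether the management interface (assumed name "mgmt1") is dedicated
#    to management; look for "set dedicated-to management" in the output.
show system interface mgmt1

# 4. Test only, and only if the management network may sit on the regular routing
#    table (Toshi's caveat): remove the dedication and re-test syslog delivery.
config system interface
    edit "mgmt1"
        set dedicated-to none
    next
end

# 5. Verify the route lookup for the syslog server, then watch the egress interface
#    (verbosity 4 prints interface names) while generating test log messages.
get router info routing-table details 10.100.100.50
diagnose sniffer packet any 'host 10.100.100.50 and udp port 514' 4 10
diagnose log test
```

Run the sniffer in one session and `diagnose log test` in another; the interface shown next to each captured packet is the one syslog is actually using.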
