USG FLEX 200 - Remote syslog on IPSec
Hello Community,
I set up remote system logging. The remote server can be accessed via IPSEC VPN. The VPN connection is live, I can successfully access the remote server using the connection test. However, there are no inbound system log entries on the remote server.
What could be the problem?
May the USG not be able to send them via IPSEC VPN?
Thanks
0
All Replies
-
Hi @nubira,
Can you try adding one static policy route rule directly pointing to the Syslog server?
If your syslog server’s IP is 192.168.20.34, please add the following static route:
(Configuration > Network > Routing > Static Route)
Choose Next-Hop as IPSec VPN’s Local Policy interface.
0 -
Dear @Zyxel_Can, I created the static route entry but it didn't help. Log entries do not appear on the remote system log server. Do you have any other suggestions? Thanks!
0 -
The static route helps the traffic pass through to the branch site from my local device.
I accessed the local device by SSH and sent ICMP to the server in the branch.
Before I created the static route, the ping failed. But the static route seems to have helped in my case.
You may also send traffic from the local device to the peer server in your environment.
0 -
Hi @nubira,
As @CHS mentioned above, you can create a static route rule to your USG FLEX 200's interface.
Configuration > Log & Report > Log Settings > Remote Server settings should be as in the following;
Configuration > Network > Routing > Static Route settings should be as in the following screenshot;
Make sure that 192.168.0.254’s firewall doesn’t block the syslog’s traffic.
You can use the following software for testing;
If that doesn’t solve your issue, can you provide me remote admin access both for USG FLEX 200, USG FLEX 500 and Syslog server?
0 -
Has this ever been resolved? This is a note for the Devs. What is missing is a Syslog source interface, so one can define from what IP the FW sends the Syslogs. It is especially funny if you have In and Out NAT in VPN due to conflicting IPs, whilst using Public IPs as the VPN SA. The FW sends the Syslogs through the VPN (because I have a policy route from ZYWALL to "IP DESTINATION") but since the Destination is a Public IP (used inside the VPN) it is using the WAN IP address as a source. It actually comes out the other side (also a Zyxel) but with the WAN as source from the VPN Tunnel - which it shouldn't even allow because the SA does not include the Public IP. Now if this sounds confusing - it is. But since I need the logs at the moment, I ignore the fact that it should not work that way.....
0
-
Thank you, we have stopped using this feature.
0
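For the source-address symptom described in the thread (syslog leaving the firewall with an unexpected source IP), a small listener on the receiving side shows which address each datagram actually arrives from. This is an added example, not code from any poster or from Zyxel; the expected subnet `192.168.0.0/24`, the port and all function names are assumptions to adapt.

```python
import ipaddress
import re
import socket

# Assumption: source subnet the IPsec policy is expected to carry (constructed value).
EXPECTED_SOURCES = [ipaddress.ip_network("192.168.0.0/24")]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_pri(datagram):
    """Return (facility, severity) from the syslog PRI field, or None if absent/invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)


def classify(src_ip, datagram, expected=EXPECTED_SOURCES):
    """Describe one datagram: its PRI and whether the source lies inside the policy."""
    addr = ipaddress.ip_address(src_ip)
    return {
        "source": src_ip,
        "pri": parse_pri(datagram),
        "in_policy": any(addr in net for net in expected),
    }


def listen(bind_addr="0.0.0.0", port=514, count=None, timeout=None):
    """Receive syslog datagrams over UDP and return one classification per datagram."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(timeout)
        while count is None or len(results) < count:
            try:
                data, (src, _) = sock.recvfrom(8192)
            except socket.timeout:
                break
            info = classify(src, data)
            flag = "" if info["in_policy"] else "  <-- source outside expected subnet"
            print(f"{info['source']} pri={info['pri']} {data[:80]!r}{flag}")
            results.append(info)
    return results


if __name__ == "__main__":
    listen()  # binding to port 514 needs elevated privileges on most systems
```

If nothing is printed at all, the datagrams are not reaching the server; if lines appear flagged, the logs arrive but from an address the remote firewall or IPsec policy may not be expected to pass.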