USG FLEX 200 - Remote syslog on IPSec

nubira Posts: 14
Hello Community,

I set up remote system logging. The remote server can be reached via an IPSec VPN. The VPN connection is up, and I can successfully reach the remote server using the connection test. However, there are no inbound system log entries on the remote server.
What could be the problem?
Might the USG not be able to send them via the IPSec VPN?

Thanks

All Replies

  • Zyxel_Can Posts: 342  Zyxel Employee

    Hi @nubira,

    Can you try adding one static policy route rule pointing directly to the syslog server?

    Example:

    If your syslog server's IP is 192.168.20.34, please add the following static route:

    (Configuration > Network > Routing > Static Route)

    Choose Next-Hop as the IPSec VPN's Local Policy interface.
  • nubira Posts: 14

    I created the static route entry, but it didn't help. Log entries still do not appear on the remote syslog server. Do you have any other suggestions?

    Thanks!



  • Zyxel_Can Posts: 342  Zyxel Employee
    Hi @nubira,

    Can you draw your topology with IP addresses for this setup?
  • CHS Posts: 181  Master Member
    The static route helped the traffic pass through to the branch site from my local device.
    I accessed the local device by SSH and sent ICMP to the server in the branch.
    Before I created the static route, the ping failed, but the static route seems to have helped in my case.
    You may also send traffic from the local device to the peer server in your environment.
  • nubira Posts: 14
    Hi Zyxel_Can,

    here is my topology:


    I want the USG FLEX 200 to send the log entries to the server 192.168.0.254.

    Thanks!
  • Zyxel_Can Posts: 342  Zyxel Employee
    Hi @nubira,

    As @CHS mentioned above, you can create a static route rule to your USG FLEX 200's interface.

    The Configuration > Log & Report > Log Settings > Remote Server settings should be as in the following screenshot:


    The Configuration > Network > Routing > Static Route settings should be as in the following screenshot:


    Make sure that 192.168.0.254's firewall doesn't block the syslog traffic.

    You can use the following software for testing:


    If that doesn't solve your issue, can you provide me with remote admin access to the USG FLEX 200, the USG FLEX 500 and the syslog server?

  • AMI Posts: 10
    Has this ever been resolved? This is a note for the devs. What is missing is a syslog source interface, so one can define from which IP the FW sends the syslogs. It is especially funny if you have inbound and outbound NAT in the VPN due to conflicting IPs, while using public IPs as the VPN SA. The FW sends the syslogs through the VPN (because I have a policy route from ZYWALL to "IP DESTINATION"), but since the destination is a public IP (used inside the VPN) it uses the WAN IP address as the source. It actually comes out the other side (also a Zyxel) but with the WAN as the source from the VPN tunnel, which it shouldn't even allow because the SA does not include the public IP. Now if this sounds confusing, it is. But since I need the logs at the moment, I ignore the fact that it should not work that way.....
  • nubira Posts: 14

    Thank you, we have stopped using this feature.
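Two checks come up in the thread that are easier to do with a small listener than with a packet capture: Zyxel_Can's advice to confirm that syslog datagrams actually reach 192.168.0.254 and are not dropped by the server's firewall, and AMI's observation that the firewall sent its syslog messages with the WAN address as the source, which does not match the IPsec policy. The script below is an added example and is not from the thread or from Zyxel: it receives UDP syslog, parses each message in the BSD (RFC 3164) layout, and flags any datagram whose source address lies outside the subnet the tunnel's policy is expected to carry. The subnet in VPN_SOURCE_NETS, the hostnames and the sample datagrams are assumptions constructed for the example; the USG's real LAN subnet is not given in the thread.

```python
"""Minimal syslog receiver check (added example, not Zyxel code).

Run serve() on the syslog server (or a spare host on that subnet) to see
whether the USG's datagrams arrive at all, and from which source address.
check_datagrams() does the same classification on an in-memory list so the
logic can be exercised without sending traffic.
"""
import ipaddress
import re
import socket

SYSLOG_PORT = 514

# Assumption: the only source address the IPsec policy should carry is the
# USG's LAN-side subnet. Adjust to the local policy of your tunnel.
VPN_SOURCE_NETS = [ipaddress.ip_network("192.168.20.0/24")]

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd HH:MM:SS host message  (BSD / RFC 3164 layout)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.S,
)


def parse_syslog(line):
    """Split one RFC 3164 line into facility, severity, timestamp, host, message."""
    m = _RFC3164.match(line)
    if m is None:
        raise ValueError("not an RFC 3164 message: %r" % line[:40])
    pri = int(m.group("pri"))
    if pri > 191:  # 23 facilities * 8 severities - 1
        raise ValueError("PRI out of range: %d" % pri)
    return {
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }


def classify_source(src_ip, nets=VPN_SOURCE_NETS):
    """'vpn' if src_ip is inside the tunnel's expected local policy, else 'outside-policy'."""
    addr = ipaddress.ip_address(src_ip)
    return "vpn" if any(addr in n for n in nets) else "outside-policy"


def check_datagrams(datagrams, nets=VPN_SOURCE_NETS):
    """datagrams: iterable of (src_ip, payload_bytes). Returns one finding per datagram."""
    findings = []
    for src, payload in datagrams:
        try:
            parsed = parse_syslog(payload.decode("utf-8", "replace"))
        except ValueError as exc:
            findings.append({"src": src, "ok": False, "reason": str(exc)})
            continue
        findings.append({"src": src, "ok": True, "source_class": classify_source(src, nets), **parsed})
    return findings


def serve(bind="0.0.0.0", port=SYSLOG_PORT):
    """Live receiver: bind UDP/514 (needs root or a port >1024) and print each finding."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            payload, (src, _) = sock.recvfrom(65535)
            for finding in check_datagrams([(src, payload)]):
                print(finding)


# Constructed sample datagrams, not captured traffic. The second one mimics the
# case AMI describes: a message arriving from the firewall's WAN address.
SAMPLE = [
    ("192.168.20.1", b"<14>Jan 10 12:00:01 usg-flex-200 ipsec: tunnel up"),
    ("203.0.113.10", b"<12>Jan 10 12:00:02 usg-flex-200 firewall: session dropped"),
    ("192.168.20.1", b"not a syslog line"),
]

if __name__ == "__main__":
    for finding in check_datagrams(SAMPLE):
        print(finding)
```

If datagrams never show up in serve() even though the tunnel is up, the problem is routing or filtering in front of the listener; if they show up as outside-policy, the firewall is sourcing them from an interface the VPN policy does not cover, which is the symptom AMI reports.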
