Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ykenny
Staff
Staff

Created on ‎09-14-2023 02:32 AM Edited on ‎09-14-2023 02:34 AM

Does it work when i set the "syslog source" as 0.0.0.0 in FAC FSSO ?

Hi, FAC masters,

As the title, since the customer's Radius server sent syslog from different source IP addresses. So I have to set several IP as source as well, In case not miss any, can i just set it as 0.0.0.0 ?I found it could save, but not sure it works alright.

Thanks!

1694683646105.jpg

 
Labels:
402
0 Kudos
2 REPLIES 2
saneeshpv_FTNT
Staff
Staff

Created on ‎09-14-2023 03:45 AM

Hi @ykenny 

 

Did you see this article, I hope you would have. 

 

https://docs.fortinet.com/document/fortiauthenticator/6.5.3/administration-guide/713528/syslog-sourc...

 

It says,

"Each syslog source must be defined for the syslog daemon to accept traffic. Each source must also be configured with a matching rule (either pre-defined or custom built; see below), and syslog service must be enabled on the network interface(s) that will listen to remote syslog traffic."

 

So I think we need to define them individually is what I think. But still we can see if anyone had an idea.

 

Best Regards,

382
xsilver_FTNT
Staff
Staff

Created on ‎10-10-2023 11:13 PM

Hi @ykenny 

 

simply NO. According to lab test I did it is not working when I use rule on client defined as 0.0.0.0.
Regardless it is accepted and saved to config. Probably simply because it is valid IP from range.
What I believe is that we do simple exact IP match between allowed sources and actual senders.
As your packet is not truly coming into FAC with src IP as 0.0.0.0, then it does not match and it is silently discarded. Not even logged .. which I would like to see.

 

Therefore if you need something like we have in RADIUS Service, where clients can be defined as range to netmask, so 10.0.0.0/24 for example would be valid source. Then this needs to pass through NFR. It would be nice enhancement, and we might have a code already (like that RADIUS), so no labor intensive, and should you have customer asking for it (in need), it might push and make that NFR happen. Go for it.

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

292
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.