Syslog Traffic
The customer has a VPN tunnel (Tunnel Interface mode or site-to-site), and the GMS system sits behind that tunnel.
The tunnel is up and running, and the GMS system is in the destination network of the VPN tunnel.
Symptom:
The IP of the GMS system is pingable from Site A through the tunnel to Site B and udp:514 is allowed; however, the syslogs are still not arriving.
- The syslogs (typically udp:514) are generated by the firewall itself.
- Typically the firewall generates the syslogs via the X0 interface and then sends them out.
- In some cases X0 is not part of the local network of the VPN, or the customer does not use the X0 network and wants, for example, the X2 or X3 network as the local VPN network. In this case, the syslogs generated from X0 are not sent through the tunnel, simply because they are not part of the VPN tunnel definition (that is, not part of the Local Network definition of the site-to-site VPN tunnel). For a Tunnel Interface VPN it is similar, but you have to check the Source Network of the routing entry of the VPN tunnel.
Solutions:
-> Upgrade to 5.9.1.5 if you are on an older version like 5.9.1.0
-> Go to Log -> Syslog and click the Edit button of the GMS/Analyzer entry
------> A new window pops up; select the right Source Interface for your VPN tunnel
Example:
Site A, X0: 192.168.100.x , X2: 192.168.120 , X3: 192.168.130
VPN Tunnel VPN120 goes from 192.168.120 -------> site B 192.168.200.x
Your VPN tunnel is a Tunnel Interface tunnel (let's say it is a VPN Tunnel Interface with the name VPN120),
====> then select interface X2, which means the firewall will generate the syslogs from the X2 interface.
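
The reasoning behind the example above, as an added Python sketch (not SonicWall code): it checks which interface address falls inside the tunnel's local network, and therefore which Source Interface lets syslog reach the GMS. The /24 masks, the .1 interface addresses, the GMS address 192.168.200.10 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data based on the example above. The /24 masks, the .1
# interface addresses and the GMS address are assumptions, not from the page.
INTERFACES = {"X0": "192.168.100.1", "X2": "192.168.120.1", "X3": "192.168.130.1"}
VPN120 = {
    # Local Network of an S2S policy, or Source Network of the tunnel route
    "local": ["192.168.120.0/24"],
    "remote": ["192.168.200.0/24"],
}
GMS_IP = "192.168.200.10"


def _in_any(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)


def matches_tunnel(src_ip, dst_ip, tunnel):
    """True when src -> dst falls inside the tunnel's local/remote definition."""
    return _in_any(src_ip, tunnel["local"]) and _in_any(dst_ip, tunnel["remote"])


def usable_source_interfaces(interfaces, tunnel, syslog_server):
    """Interfaces whose address can source syslog that the tunnel will carry."""
    return sorted(n for n, ip in interfaces.items()
                  if matches_tunnel(ip, syslog_server, tunnel))


def explain(interfaces, tunnel, syslog_server):
    """Per-interface verdict for syslog sourced from that interface."""
    report = {}
    for name, ip in interfaces.items():
        if not _in_any(syslog_server, tunnel["remote"]):
            report[name] = "syslog server not in remote network"
        elif _in_any(ip, tunnel["local"]):
            report[name] = "sent through tunnel"
        else:
            report[name] = "source not in local network, not tunnelled"
    return report


if __name__ == "__main__":
    for name, verdict in explain(INTERFACES, VPN120, GMS_IP).items():
        print(f"{name}: {verdict}")
    print("Source Interface to select:",
          usable_source_interfaces(INTERFACES, VPN120, GMS_IP))
```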