How to Send Syslogs out another Interface other than X0

By Default the SonicWall UTM appliance uses the X0 interface to generate syslogs over a VPN. This article will walk you through how to configure your GMS and SonicWall UTM appliance to send syslogs out another interface when not using the X0 interface. This method uses Tunnel Interface, so a VPN configured as Site-to-Site will not work in this method.

1. Make sure the GMS management is turned off. Verify by going to System | Administrator then scroll down to GMS management and uncheck the box then hit accept at the top of that screen.
2. Next, go to Log | Syslog
   
3. Click on the Add... button towards the left side of the screen
   
4. For Outbound Interface, select the Tunnel Interface that is going to be used to send syslog traffic across
5. For Local Interface, select the Interface that will be the origin of creation of the syslog
6. At the the top of the Window, for Name or IP Address, select the IP address that is going to be used as the source of creation. (This can be the same IP on the Interface, just select the Interface address object)

Configuration on the SonicWall GMS

1. Log into the UMA (/sgms) side of the GMS
2. Go to the Firewall Tab
   
3. 
   a. If modifying a unit, right-click on the unit and select modify unit.
   b. If adding a new unit, right-click in the left pane and select add unit
   
4. For Managed Address, select Specify Manually and then fill in the field next to it with the IP address being used as the origin of the syslogs from the remote SonicWall UTM appliance.
5. Check the box for "Make manual address sticky"