Cisco Support Community
Community Member

syslog outside traffic through firewall

I have question as to the best way to perform the task of sending syslog to my logging server on the inside of my network.

I have a couple of routers and a DMZ with some devices in it that I need to collect log info from. I have a 5525X connected to an external router and my syslog server sits inside the ASA. If my syslog server is UDP port 514, would I want to run straight through the firewall? Doesn't seem quite right to me to send internal IP traffic through the ASA.

Any suggestions how I'd perform this?

Cisco Employee

syslog outside traffic through firewall

When you say you have a DMZ, is this a different interface on the ASA? (So you would have Outside, Inside, and DMZ)? If so, it is perfectly fine to send syslog traffic in the DMZ interface of the ASA and out the Inside.

You essentially want to take the most direct path to the syslog server (and the most secure). If there are devices/networks between the logging device and the syslog server which you do not control, then you can always establish a VPN tunnel over the insecure network to get your logs securely back to your internal network.
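As an added illustration (not from the original thread) of the DMZ-to-Inside path described in the answer: on an ASA, traffic from a lower-security interface (DMZ) to a higher-security one (Inside) is dropped unless an inbound ACL on the DMZ interface permits it, so the minimal rule is to allow only UDP 514 from the known log sources to the one syslog server and deny everything else. Interface names, object names and IP addresses below are constructed placeholders.

```cisco
! Constructed example: inside syslog server and the DMZ hosts allowed to reach it
object network SYSLOG-SERVER
 host 10.1.1.50
object-group network DMZ-LOG-SOURCES
 network-object host 172.16.1.10
 network-object host 172.16.1.11

! Permit only syslog (UDP/514) from the listed DMZ hosts to the server.
! The ASA's stateful inspection handles any return traffic; no reverse rule is needed.
access-list DMZ_IN extended permit udp object-group DMZ-LOG-SOURCES object SYSLOG-SERVER eq syslog

! Explicit deny with logging so blocked DMZ-to-Inside attempts show up in the ASA's own logs
access-list DMZ_IN extended deny ip any any log

! Apply inbound on the DMZ interface (nameif assumed to be "dmz")
access-group DMZ_IN in interface dmz
```

Because UDP syslog is cleartext and unauthenticated, this ACL only restricts who can reach the server; for the untrusted-network case the answer mentions, the same flow would be carried inside the VPN tunnel rather than permitted directly on the outside interface.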
