Sonicwall SYSLOG sending to workstation over VPN

Hi all,

I have a requirement to have the syslog messages for our HQ firewall and branch office firewall sent to an Ubuntu workstation at HQ. We have to have the syslog traffic from the branch office sent over the site-to-site VPN, as the data needs to be encrypted.

I have configured the HQ Sonicwall syslog to send the messages to the Ubuntu workstation and this works fine.

I have configured the branch office Sonicwall syslog to send the messages to the Ubuntu workstation and I just cannot get this to work, no matter what way I configure it. I found a number of documents on the topic but I can't find one that gets it to work.

Below is a diagram of the setup.

Any suggestions are welcome. Hopefully somebody else got this setup to work.


Category: Firewall Management and Analytics


  • Options
    TKWITS Community Legend ✭✭✭✭✭

    The address object for the syslog server on the branch firewall is in what zone? Have you run a packet capture while NOT excluding syslog traffic?

  • Options
    Arkwright All-Knowing Sage ✭✭✭✭

    What type of site-site VPN is it? I seem to remember I had to create an additional route policy with the firewall X0 IP as the source to get syslog [and SSO/LDAP queries] to work over a tunnel-mode site-site VPN.

    Additional, as in, additional to the route policy for LAN subnets that you would assume would include the firewall's own LAN IP.

  • Options


    Thank you both for your responses.

    On firewall_2 I have configured the SYSLOG object as VPN, but I have tried LAN also. It seems that no matter what zone I put the SYSLOG server in, it just sends the packets out on the X1 port like below - obviously I want this traffic sent down the tunnel, not out the WAN interface:

    The VPN is a standard Sonicwall to Sonicwall VPN tunnel set up using the wizard. Traffic between the sites is working fine, just not the Syslog traffic that I am trying to route down the tunnel. I did try to create a route also, but not as the firewall X0 IP - maybe that is the key.

    I have Wireshark running on the Syslog Server, but I have never been able to get a single packet to it from the branch office, no matter what configuration change I make. But I will try again with the routing and see if I can crack it.


  • Options

    OMG. The tunnel from the second site was actually connecting to another office, not HQ; I just assumed it was connecting to HQ.

    I have it working. One extra thing that I needed was to edit the VPN tunnel and on the Advanced tab click on the settings for Management VIA This SA.

    Once I did this I was able to select the tunnel.

    I have to type this up as we have other sites to connect to HQ for the SYSLOG collection, so I will type it up and post here.

    Thanks to my two friends above for their assistance.
