Syslog in Panorama Policy

Sanjay_Ramaiah — Wed, 15 May 2024 10:39:02 GMT

Hi All,

We have multiple firewalls managed by Panorama. We have single Template managing these firewalls.

There are local Syslog configs done on each firewall as logs is being pushed on different ports. But now we have multiple rules configured in Panorama template pushed on to all firewalls with no Log forwarding on the policy.

But to configure the syslog on policies in Panorama may i know how to configure it? The problem is we have different syslog on different ports it is forwarding the logs. Please suggest.

Regards,

Sanjay S

Re: Syslog in Panorama Policy

aleksandar.astardzhiev — Fri, 24 May 2024 20:47:13 GMT

Hi @Sanjay_Ramaiah ,

Lets first clarify something:
- Templates are pushing device level settings and configuration

- Device Groups are pusing fireall policies (security, nat, decryption etc).

You define Syslog server in a template and then you create log forwarding profile using that syslog server and assign this profile on the firewalls.

It is not clear from your description what is your setup
- Are you using same device group for all firewall? Pushing same policy for all firewalls?

- Are you using same template and template stack to push device settings? Or you are using separate template stack for each fw?

One way to achieve what you want is:

- Create Syslog Server profile inside a template used by the firewalls. Use exactly the same name for the Syslog server object (not the hostname, but the name of the server profile.

- Push this template from Panorama to firewalls. Since your FWs are already having same syslog profile locally they will override the config pushed from Panorama and keep the ports and hostname/ip as they were before

- On the Panorama, create log forwarding profile (Objects -> Log Forwarding). Name the object "default", this way Panorama will automatically select it for every newly create firewall rule (avoiding human error to forget to set log forwarding profile). For all existing rules you need to manually update all rules (one by one) and add the log forwarding profile.

- Push device group to all firewalls.

If you use the same name for the syslog server object on all firewalls, you can have same log forwarding profile, but specific syslog server settings.

Re: Syslog in Panorama Policy

Sanjay_Ramaiah — Tue, 28 May 2024 15:09:48 GMT

Thanks @aleksandar.astardzhiev,

I will give a try on this and update you .

topic Syslog in Panorama Policy in Panorama Discussions

Syslog in Panorama Policy

Re: Syslog in Panorama Policy

Re: Syslog in Panorama Policy