Add Access rules allowing traffic from Log Servers to external hosts

If the external host and Log Server are separated by a Firewall or Layer 2 Firewall, you must add rules to allow traffic from the Log Server to the host.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Expand Policies, then browse to the type of policy you want to edit.
  3. Right-click the policy, then select Edit Firewall Policy or Edit Layer 2 Firewall Policy.
  4. Click the IPv4 Access or IPv6 Access tab, then add an Access rule with the following values:
    • Source — Log Server
    • Destination — Host element
    • Service — Syslog (UDP), Syslog (TCP), or NetFlow (UDP), depending on the protocol used. For TLS-protected traffic, select TCP with TLS.

      The same Service and Port that was selected in the Log Forwarding rule must be selected here.

    • Action — Allow
    • LoggingNone (recommended in most cases)

      Note: Logging the log forwarding can create a loop where the log forwarding creates a log entry each time. If you want to log the log forwarding, create a local filter in the Log Forwarding rule to exclude logs related to forwarding.
  5. Save and install the policy to start using the new configuration.