topic ASA FDM setup syslog in Network Security

ASA FDM setup syslog

SeokGeunChoi73564 — Tue, 06 Sep 2022 01:05:52 GMT

Hi all.

I have problem about setup syslog for ASA FDM.

this is current topology.

Each network firewall linked on Backbone SW and they can communicate.

And BB can ping with each FW's outside interface, but can't inside interface.

Syslog server is located inside of Svr FW.

I want to get syslog data from Office FW too, especially "inside interface".

How can I get syslog data from Office FW inside interface?

Re: ASA FDM setup syslog

Rob Ingram — Tue, 06 Sep 2022 09:04:33 GMT

@SeokGeunChoi73564 do you have 2 firewalls? with a FW between BB and SYSLOG? If so you can always ping the outside interface, but you CANNOT (by design) ping through the FTD (or ASA) to the FTD's inside interface - it won't work. You'd have to ping through the FTD to SYSLOG, this communication is controlled by the Access Control Policy on the FTD and will need to be explictly configured.

Re: ASA FDM setup syslog

SeokGeunChoi73564 — Tue, 06 Sep 2022 23:56:24 GMT

Hi,

1. do you have 2 firewalls? with a FW between BB and SYSLOG? : Yes, There is several ASA FTD firewall and one of them located between BB and SYSLOG.

+ Syslog can gathering data from ServerFarm firewall and Main firewall too.

+ But couldn't gather data from other firewall, because can't communicate with inside interface of each firewalls

2. this communication is controlled by the Access Control Policy on the FTD : I did adjust policy like this one.

This ACL Policy is first affected rule with allow 192.168.X.X (Sever network), and destination IP is Office FTD inside IP.

Here is topology..

ISP > Main FTD > BB - Office FTD - Office Middle SW

L Server FTD - Server SW - Syslog

BB (10.10.220.1/29, 10.10.222.1/29)

Office (Outside : 220.2/29 | Inside : 222.9/29)

Server (Outside : 222.2/29 | Inside : 222.9/29)