Configuring Syslog traffic over MPLS in SonicWall

Description

This KB describes how to configure the SonicWall firewall to route Syslog server traffic over an MPLS link, ensuring correct traffic forwarding from the firewall to the Syslog server.

Scenario Overview: You have a SonicWall appliance with an MPLS connection on a dedicated interface. The objective is to ensure all Syslog traffic is sent to a server (e.g., 10.10.20.10) over this MPLS link.

Assumptions:

  • Syslog Server IP: 10.10.20.10

  • LAN Subnet: 192.168.1.0/24

  • MPLS Interface: A dedicated physical interface on the firewall

  • MPLS Next Hop: 10.10.10.1

  • Syslog Port: 514 (UDP)

Step 1: Configure the MPLS Interface

  1. Navigate to Network | Interfaces.

  2. Edit the interface connected to MPLS.

    • Mode: Static IP

    • IP Address: 10.10.10.2

    • Subnet Mask: As per MPLS subnet (e.g., 255.255.255.252)

    •  

      Zone: LAN or create a custom zone like MPLS
      Image

 

Step 2: Create Address Object for Syslog Server

  1. Navigate to Network |Address Objects |Add.

    • Name: Syslog_Server

    • Zone: MPLS

    • Type: Host

    •  

      IP Address: 10.10.20.10
      Image

Step 3: Add Static Route

  1. Navigate to Network |Routing | Add.

    • Source: Any or 192.168.1.0/24

    • Destination: Syslog_Server

    • Service: Syslog (UDP 514)

    • Interface: MPLS interface

    • Gateway: 10.10.10.1

    • Enable: "Disable Route When Interface is Down"

      Image

Important:Even if the MPLS interface is configured, the firewall typically only learns directly connected subnets. If the Syslog server is located on a different subnet within the MPLS network, a specific route is necessary to ensure traffic is forwarded properly. Additionally, specifying the service ensures only Syslog traffic takes this route, preventing asymmetry and unintended routing for other services.

 

Step 4: Configure Syslog Settings

  1. Navigate to Log |Syslog.

    • Syslog Server IP: 10.10.20.10

    • Port: 514

    • Facility and Priority: As required

    • Ensure logging categories are enabled as needed (system, firewall events, etc.)

      Image

 

Step 5: (Optional) NAT Policy

If the syslog server expects traffic from a specific source IP (e.g., the MPLS interface IP):

  1. Navigate to Policy| NAT Rule | Add.

    • Original Source: 192.168.1.0/24 or Any

    • Translated Source: MPLS interface IP (10.10.10.2)

    • Original Destination: Syslog_Server

    • Service: Syslog

    • Inbound Interface: Any

    •  

      Outbound Interface: MPLS interface
      Image

Related Articles

  • Enable public access on SonicWall NSv in Azure
    Read More
  • Cysurance Partner FAQ
    Read More
  • SonicOS API: TOTP based two-factor authentication for management by Admin user
    Read More

Categories

Firewalls
NSa Series
Networking
Firewalls
NSa Series
Logging/Alerts
not finding your answers?
Ask the Community
was this article helpful?
YesNo