Source IP of Dimension Logging Traffic
I have WatchGuard Fireboxes at various locations connected to my head office with BOVPNs.
I have a Dimension server which I recently set up to receive logging messages from the Fireboxes.
Some of the Fireboxes send their logging messages from their local LAN interface IP address, and some send their logging messages from their WAN IP.
What causes the device to choose which interface to send its logging traffic?
I am searching for differences in the configs and policies at the moment.
Any help would be appreciated.
Thank you.
Comments
If the firewall has a route to the dimension server using an internal network, it will try that first, and use the IP address of that interface.
If the firewall does not have a route, it will source from the external IP of the lowest numbered external interface (by default) unless it is overridden by SD-WAN.
You can enable placing policies above the any-from-firebox rule, which allows you to specify things like custom SD-WAN policies, and NAT settings applied to that traffic:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/policies_firebox_generated_traffic_config_examples.html
-James Carson
WatchGuard Customer Support
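As an added example (not WatchGuard's code and not from anyone in this thread), here is a small Python model of the source-selection rule described in the answer above: longest-prefix route lookup over the Firebox's routes first, and if nothing matches, fall back to the lowest-numbered external interface. The interface names, numbers, addresses and routes are constructed sample values.

```python
# Added example, not WatchGuard code: models the source-interface selection
# rule for Firebox-generated traffic such as Dimension logging.
# Interface names, numbers, addresses and routes are constructed sample values.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Interface:
    name: str
    number: int      # interface number; lowest-numbered external is the default
    ip: str
    external: bool


# Constructed branch-office Firebox: two external interfaces and one trusted
# interface, with a BOVPN route to the head-office network (10.0.0.0/16).
INTERFACES = [
    Interface("External-1", 0, "203.0.113.10", external=True),
    Interface("External-2", 1, "198.51.100.10", external=True),
    Interface("Trusted", 2, "192.168.20.1", external=False),
]

# (destination prefix, egress interface). Only connected and BOVPN routes are
# listed; anything that matches none of them takes the external fallback.
ROUTES = [
    ("192.168.20.0/24", "Trusted"),
    ("10.0.0.0/16", "Trusted"),   # head office, reachable over the BOVPN
]


def source_ip_for(dest: str, routes=ROUTES, interfaces=INTERFACES) -> tuple:
    """Return (interface name, source IP) used for traffic to dest.

    Longest-prefix match over the route table first; if no route matches,
    use the lowest-numbered external interface (the default the answer
    describes when no SD-WAN override applies).
    """
    by_name = {i.name: i for i in interfaces}
    d = ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is not None:
        chosen = by_name[best[1]]
        return chosen.name, chosen.ip
    ext = min((i for i in interfaces if i.external), key=lambda i: i.number)
    return ext.name, ext.ip


if __name__ == "__main__":
    for dimension_server in ("10.0.5.25", "203.0.113.200"):
        print(dimension_server, "->", source_ip_for(dimension_server))
```

Running this against each site's route table and comparing the result with the source IPs actually seen at the Dimension server is a quick way to spot which Fireboxes lack a route to the server over the BOVPN.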