Syslog traffic from a Radware Load Balancing device does not appear to pass through the firewall

Article:TECH80922  |  Created: 2003-01-25  |  Updated: 2007-01-09  |  Article URL http://www.symantec.com/docs/TECH80922
Article Type
Technical Solution


Environment

Issue



You are trying to pass syslog traffic from your Radware device through the firewall. The syslog traffic does not pass through the firewall, and it does not appear to be logged by the firewall.


Cause

This problem occurs because the Radware syslog program uses a fixed source port of 514/UDP instead of an ephemeral port.

Solution

To pass Radware syslog traffic:
  1. Connect your Symantec Raptor Management Console (SRMC) to your firewall.
  2. In the left pane, expand Base Components.
  3. Right-click Protocols and choose New > Protocol.
  4. On the General tab, check Display in Rule Window and use a Base Protocol of UDP.
  5. On the TCP/UDP Port Ranges tab, type in a source and destination port of 514.
  6. Create a redirect, using the protocol that you created in step three, to redirect traffic into the syslog server.
  7. Using the protocol, create a rule to allow the firewall to pass the traffic to the syslog server.
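
The following is an added example, not part of the original article: a short script that reads a packet capture and reports which syslog senders use a fixed source port of 514/UDP, so you can confirm the cause before creating the protocol or check the traffic after the rule is in place. It assumes IPv4 text output from `tcpdump -n`; the sample lines, addresses, and function names are constructed for illustration.

```python
import re
from collections import defaultdict

SYSLOG_PORT = 514  # fixed source and destination port named in the article

# "IP <src>.<sport> > <dst>.<dport>:" as printed by `tcpdump -n` for IPv4.
FLOW_RE = re.compile(r"\bIP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

# Constructed sample capture lines (documentation addresses, not real hosts).
SAMPLE = [
    "10:15:01.100000 IP 192.0.2.10.514 > 192.0.2.50.514: SYSLOG local0.info, length: 72",
    "10:15:02.100000 IP 192.0.2.10.514 > 192.0.2.50.514: SYSLOG local0.warning, length: 80",
    "10:15:03.200000 IP 192.0.2.20.49152 > 192.0.2.50.514: SYSLOG daemon.notice, length: 64",
    "10:15:04.300000 IP 192.0.2.20.49153 > 192.0.2.50.514: SYSLOG daemon.notice, length: 64",
    "10:15:05.400000 IP 192.0.2.30.40000 > 192.0.2.50.514: Flags [S], seq 1, win 64240, length 0",
    "10:15:06.500000 IP 192.0.2.20.53000 > 192.0.2.53.53: 1234+ A? example.com. (29)",
]

def syslog_source_ports(lines):
    """Map each sender to the set of source ports it used toward UDP/514."""
    seen = defaultdict(set)
    for line in lines:
        m = FLOW_RE.search(line)
        if not m or "Flags [" in line:  # skip unparsed lines and TCP segments
            continue
        src, sport, _dst, dport = m.groups()
        if int(dport) == SYSLOG_PORT:
            seen[src].add(int(sport))
    return dict(seen)

def classify(ports):
    """fixed-514: always source port 514; ephemeral: never; mixed: both."""
    if ports == {SYSLOG_PORT}:
        return "fixed-514"
    return "mixed" if SYSLOG_PORT in ports else "ephemeral"

def senders_needing_custom_protocol(lines):
    """Senders whose traffic matches only a source-and-destination 514 protocol."""
    return sorted(s for s, p in syslog_source_ports(lines).items() if SYSLOG_PORT in p)

if __name__ == "__main__":
    for src, ports in sorted(syslog_source_ports(SAMPLE).items()):
        print(f"{src:15} {classify(ports):10} source ports: {sorted(ports)}")
```
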







Legacy ID



2003022507044854

