The article describes the case when Syslog Server is connected to FortiGate via IPSec VPN Tunnel and stops sending logs periodically.
Scope
FortiGate & Syslog.
Solution
As a workaround, disabling and enabling the Syslog Server fixes the issue however, this is not the feasible method.
To fix this effectively, do the following:
- Review the Syslog Configuration to ensure the Server IP and other details are correctly entered.
- Disable NPU Offload in IPsec VPN Tunnel and Asic Offload in Firewall Policies of that IPSec VPN. To learn more about NPU Offload and ASIC offloading to ways to disable them, refer to this article:
Technical Tip: FortiGate Disable Hardware Acceleration - Check the working traffic via Sniffer or Flow Debug using the Syslog Server IP and its port.