Logging Through a BOVPN Tunnel

If you have Fireboxes at two sites connected with a branch office VPN tunnel, you can enable the devices at both sites to send log messages to a Dimension server located at one of the sites. To use the same Dimension server for both sites, you can add tunnel routes to the configuration of both devices.

For example, consider an organization that has Fireboxes at two sites, Site A and Site B, connected with a branch office VPN tunnel. The administrator wants the Firebox at Site B to send log messages to the Dimension server located at Site A.

Add a Tunnel Route to the Site A BOVPN Configuration

At Site A, you must add a tunnel route for traffic through the BOVPN tunnel from Site B to the local Dimension server.

  1. Connect to Fireware Web UI for the Firebox at Site A.
  2. Select VPN > Branch Office VPN.
  3. Select the existing tunnel to Site B and click Edit.
  4. In the Addresses tab, click Add.
  5. In the Local IP section, in the Host IP text box, type the IP address of the Dimension server.
  6. In the Remote IP section, in the Host IP text box, type the IP address of the external interface at Site B.
  7. Save the configuration to the device.
  1. Open the device configuration for the Site A device in Policy Manager.
  2. Select VPN > Branch Office Tunnels.
  3. Select the existing tunnel to Site B and click Edit.
    The Edit Tunnel dialog box opens.
  4. In the Addresses tab, click Add.
    The Tunnel Route Settings dialog box opens.
  5. In the Local text box, type the IP address of the Dimension server.
  6. In the Remote text box, type the IP address of the external interface of the device at Site B.
  7. Save the configuration to the device.

Add a Tunnel Route to the Site B BOVPN Configuration

At Site B, you must also add a tunnel route for traffic through the BOVPN tunnel between Site B and the Dimension server at Site A.

  1. Connect to Fireware Web UI for the Firebox at Site B.
  2. Select VPN > Branch Office VPN.
  3. Select the existing tunnel to Site A and click Edit.
  4. In the Addresses tab, click Add.
  5. In the Local IP section, in the Host IP text box, type the external IP address of the Site B device.
  6. In the Remote IP section, in the Host IP text box, type the IP address of the Dimension server located at Site A.
  7. Save the configuration to the device.
  1. Open the device configuration for Site B in Policy Manager.
  2. Select VPN > Branch Office Tunnels.
  3. Select the existing tunnel to Site A and click Edit.
    The Edit Tunnel dialog box opens.
  4. In the Addresses tab, click Add.
    The Tunnel Route Settings dialog box opens.
  5. In the Local text box, type the external IP address of the Site B device.
  6. In the Remote text box, type the IP address of the Dimension server located at Site A.
  7. Save the configuration to the device.

Configure Logging on the Device at Site B

After you configure the tunnel routes, you can configure the Firebox at Site B to send log messages to the IP address of the Dimension server located at Site A.

For more information about how to configure logging, go to Define Where the Firebox Sends Log Messages.