Hello,

I'm new on reddit and I'd like a little help, I will try to be the clearest as possible.

I have 2 Pfsense 2.4.5 (1 PFWAN and 1 PFLAN) And I want to receive all the syslogs logs from these 2 fw on my splunk on my LAN.

My architecture is the following :
-PFWAN:
Wan interface : Internet address(let's say 99.99.99.99 to simplify)
Lan interface : 10.10.1.2

-PFLAN :
Wan interface : 10.10.1.1
Lan interface 10.10.10.1

-My splunk on 10.10.10.30

On my 2 pfsense I activated the syslog remote to my server 10.10.10.30 (I activated listening on my splunk).
I currently receive perfectly the logs from my PFLAN but I have some problem to receive the logs from my PFWAN.Indeed, my firewall logs from external (like src=66.66.66.66 dst=99.99.99.99 port=445) come perfectly to my WAN interface of my PFLAN.
But after that, even if the rules is allowed, the splunk doesn't receive this logs. Instead, I just have the logs src=10.10.1.2 dst=10.10.1.1 port=514.
When I listen packets on 10.10.1.2 I can see the logs from external.
When I listen packets on 10.10.10.1 I just have logs src=10.10.1.2 dst=10.10.1.1 port=514 and can't see the logs from external anymore.

I tried to change the port to 5514 it did the same things. Could anyone help me on this topic please?

Thanking you in advance,