Add Access rules allowing traffic from Log Servers to external hosts
If the external host and Log Server are separated by a Engine or Layer 2 Engine, you must add rules to allow traffic from the Log Server to the host.
 For more details about the product and how to configure features, click Help or
            press F1.
Steps
- 
                Select  Configuration. Configuration.
- Expand Policies, then browse to the type of policy you want to edit.
- Right-click the policy, then select Edit Engine Policy or Edit Layer 2 Engine Policy.
-  
		  Click the 
			 IPv4 Access or 
			 IPv6 Access tab, then add an Access rule with the following values: 
		   
		  - Source — Log Server
- Destination — Host element
-  
				Service — Syslog (UDP), Syslog (TCP), or NetFlow (UDP), depending on the protocol used. For TLS-protected traffic, select TCP with TLS. The same Service and Port that was selected in the Log Forwarding rule must be selected here. 
- Action — Allow
-  
				Logging — None (recommended in most cases) Note: Logging the log forwarding can create a loop where the log forwarding creates a log entry each time. If you want to log the log forwarding, create a local filter in the Log Forwarding rule to exclude logs related to forwarding.
 
- Save and install the policy to start using the new configuration.