0

I am setting up an Ubuntu server (ver 22.04) so I can place a universal forwarder for Splunk on it and redirect FortiGate traffic to the SIEM (Splunk).

In total there are 6 virtual machines that I am using, and all of these virtual machines are connected via LAN segments and IP integration.

Here is the network map at the moment:

Forwarder: 10.0.1.1/24
FortiGate: 10.0.1.254/24
Splunk server: 10.0.1.3/24

I am supposed to put the SIEM as the subnet for the forwarder, with the FortiGate being the name server and the gateway. However, it returns this error:

[1]

What seems to be the error, as I can't wrap my head around this :/

Cheers for all of your help!

1
  • 2
    No idea what you are talking about, but for a /24 subnet, the subnet address / ID always has 0 as the last octet. (That field is not asking for a host address with a prefix length.)
    – Tom Yan
    Commented May 22, 2022 at 8:10

1 Answer

2

That field asks for a SUBNET specification. You entered a host-address in CIDR notation, so it complains that the host bits (the last 8 bits in this case) are not ZERO.

Use 10.0.1.0/24. That should fix it.

It is a bit confusing because usually the first field in a form like that asks for the IP address of a host and the 2nd field for the subnet or netmask. (Or there is just one field for the host address in CIDR notation which, by itself, is sufficient to also define the subnet.)

Newer Ubuntu versions for some reason do it the other way around, which confuses a lot of people.
(This isn't the first question on this site about it.)
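
The check the answer describes, as an added example that is not part of the original answer or of the Ubuntu installer's code: it uses Python's standard `ipaddress` module to validate a subnet, host address, gateway and name server together before they are typed into the form. The function name `check_static_config` and the message wording are assumptions made for illustration; the addresses are the ones from the question.

```python
import ipaddress


def check_static_config(subnet, address, gateway, nameserver):
    """Return a list of problems with a static IP config (empty list = consistent)."""
    problems = []
    try:
        # strict=True rejects a value whose host bits are not zero (e.g. 10.0.1.1/24)
        net = ipaddress.ip_network(subnet, strict=True)
    except ValueError:
        try:
            # Lenient re-parse separates "host address in CIDR form" from garbage input
            net = ipaddress.ip_network(subnet, strict=False)
        except ValueError:
            return [f"subnet {subnet!r} is not a valid network"]
        problems.append(f"subnet {subnet} has host bits set; use {net}")

    fields = (("address", address), ("gateway", gateway), ("nameserver", nameserver))
    for label, value in fields:
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            problems.append(f"{label} {value!r} is not a valid IP address")
            continue
        if label == "nameserver":
            continue  # a name server may legitimately sit outside the local subnet
        if ip not in net:
            problems.append(f"{label} {ip} is outside {net}")
        elif net.num_addresses > 2 and ip in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {ip} is the network or broadcast address of {net}")
    return problems


if __name__ == "__main__":
    # Values from the question: the first call reproduces the rejected subnet entry
    for subnet in ("10.0.1.1/24", "10.0.1.0/24"):
        result = check_static_config(subnet, "10.0.1.1", "10.0.1.254", "10.0.1.254")
        print(subnet, "->", result or "OK")
```
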
