diff --git a/roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml b/roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml index dd17565..4cc40a4 100644 --- a/roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml +++ b/roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml @@ -4,6 +4,24 @@ name: rsyslog-gnutls # For TLS support state: present +- name: Bastionhost | rsyslog forwarding | Configure global TLS settings + ansible.builtin.copy: + dest: /etc/rsyslog.d/01-global-tls.conf + owner: root + group: root + mode: '0644' + content: | + # This file is managed by Ansible + # Defines global TLS settings for log forwarding. + global( + DefaultNetstreamDriver="gtls" + DefaultNetstreamDriverCAFile="{{ log_forwarding_ca_cert }}" + ) + notify: restart rsyslog + when: + - log_forwarding_target is defined + - log_forwarding_ca_cert is defined + - name: Bastionhost | rsyslog forwarding | Configure GELF forwarding for SSH logs (for Graylog) ansible.builtin.copy: dest: /etc/rsyslog.d/60-forward-ssh-logs.conf @@ -31,16 +49,16 @@ # Filter for sshd messages and apply the action if $programname == 'sshd' then { - action(type="omfwd" - target="{{ log_forwarding_target }}" - port="{{ log_forwarding_port | default(12201) }}" - protocol="tcp" - template="gelf" - StreamDriver="gtls" - StreamDriverMode="1" - StreamDriverAuthMode="x509/name" - StreamDriverPermittedPeer="{{ log_forwarding_permitted_peer }}" - Action.sendStreamDriverCaFile="{{ log_forwarding_ca_cert }}" + action( + type="omfwd" + target="{{ log_forwarding_target }}" + port="{{ log_forwarding_port | default(12201) }}" + protocol="tcp" + template="gelf" + StreamDriver="gtls" + StreamDriverMode="1" + StreamDriver.AuthMode="x509/name" + StreamDriver.PermittedPeer="{{ log_forwarding_permitted_peer }}" ) } notify: restart rsyslog 
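Review bot: Nothing in the new global TLS task checks that the file named by `log_forwarding_ca_cert` actually exists on the bastion; the `when:` only tests that the variable is defined. If the path is wrong or the certificate has not been deployed, rsyslog's gtls driver will, as far as I know, be unable to verify the collector and the SSH audit trail silently stops leaving the host, which is exactly the failure a bastion should not have. Unless an earlier task in the role ships the CA (this diff does not show one), a `stat` plus `assert` before the `copy` turns that into a loud play failure. The conditions also deserve a one-line comment such as `# Only written when TLS forwarding is requested; the forwarding actions below rely on this file for peer verification`.

```yaml
- name: Bastionhost | rsyslog forwarding | Check that the CA certificate is present
  ansible.builtin.stat:
    path: "{{ log_forwarding_ca_cert }}"
  register: log_forwarding_ca_stat
  when:
    - log_forwarding_target is defined
    - log_forwarding_ca_cert is defined

- name: Bastionhost | rsyslog forwarding | Fail if the CA certificate is missing
  ansible.builtin.assert:
    that:
      - log_forwarding_ca_stat.stat.exists
    fail_msg: "log_forwarding_ca_cert ({{ log_forwarding_ca_cert }}) does not exist on the host; TLS log forwarding cannot verify the collector"
  when:
    - log_forwarding_target is defined
    - log_forwarding_ca_cert is defined

# … unchanged: Configure global TLS settings task …
```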
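Review bot: The renamed omfwd parameters `StreamDriver.AuthMode` and `StreamDriver.PermittedPeer` in the GELF action do not match the parameter names I know from the rsyslog omfwd documentation, which are `StreamDriverAuthMode` and `StreamDriverPermittedPeers` (plural; the dotted `StreamDriver.*` family covers `CAFile`, `CertFile`, `KeyFile` and similar, not the auth mode). I cannot confirm from the diff which rsyslog version is targeted, but an unrecognised action parameter normally makes rsyslog reject the whole `action()` at startup, so the bastion would keep running with no SSH log forwarding at all. Please validate the rendered file with `rsyslogd -N1` on the target version before merging, and if the plural form is the right one change the two lines to `StreamDriverAuthMode="x509/name"` and `StreamDriverPermittedPeers="{{ log_forwarding_permitted_peer }}"`. The same two names are used in the standard-syslog action later in this file.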
@@ -48,7 +66,6 @@ - log_forwarding_type == 'gelf' - log_forwarding_target is defined - log_forwarding_permitted_peer is defined - - log_forwarding_ca_cert is defined - name: Bastionhost | rsyslog forwarding | Configure standard TLS forwarding for SSH logs ansible.builtin.copy: @@ -69,14 +86,12 @@ template="RSYSLOG_SyslogProtocol23Format" StreamDriver="gtls" StreamDriverMode="1" - StreamDriverAuthMode="x509/name" - StreamDriverPermittedPeer="{{ log_forwarding_permitted_peer }}" - Action.sendStreamDriverCaFile="{{ log_forwarding_ca_cert }}" + StreamDriver.AuthMode="x509/name" + StreamDriver.PermittedPeer="{{ log_forwarding_permitted_peer }}" ) } notify: restart rsyslog when: - log_forwarding_target is defined - log_forwarding_permitted_peer is defined - - log_forwarding_ca_cert is defined - log_forwarding_type == 'syslog' \ No newline at end of file
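Review bot: Dropping `- log_forwarding_ca_cert is defined` from the GELF task's `when:` decouples it from the new global TLS task, which still requires that variable: with `log_forwarding_target` and `log_forwarding_permitted_peer` set but no CA variable, `60-forward-ssh-logs.conf` is written with `StreamDriver="gtls"` and `x509/name` peer authentication while `01-global-tls.conf` is not written at all, so the action has no trust anchor to verify the collector against. I believe rsyslog then fails the TLS handshake rather than falling back to plaintext, but either way the result is an unverified or broken audit-log channel that the play reports as success. Keeping the condition (`- log_forwarding_ca_cert is defined`) or adding a shared `assert` that the three variables are set together closes the gap. The GELF task's definition starts before this hunk.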
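Review bot: The standard-syslog action has the same problem as the GELF one: its `when:` no longer requires `log_forwarding_ca_cert`, but the gtls/`x509/name` settings it writes only work when the global TLS file, which still requires that variable, has been written. Restore `- log_forwarding_ca_cert is defined` in this task's `when:` list so the action file cannot be deployed without its CA configuration. Unrelated to the fix, the file still ends without a trailing newline, which yamllint flags.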