Technical Tip: FortiGate connected to FortiAnalyzer but configuration is deny

This article describes that, however, FortiAnalyzer is not able to receive the log from FortiGate under the condition that FortiAnalyzer is managed by FortiManager.

FortiGate can connect to FortiAnalyzer.

Use the command below to check at FortiGate:

FGT# execute log fortianalyzer test-connectivity
FortiAnalyzer Host Name: FAZXXXX123
FortiAnalyzer Adom Name: test
FortiGate Device ID: FG123XXXXXX
Registration: registered
Connection: deny(configuration is denied)

The error indicates that FortiManager has restricted the log permissions in the device that is connected to FortiAnalyzer.

Execute the following command in FortiManager, followed by FortiAnalyzer to resolve the issue:

All devices:

execute log device permissions all all enable

Specific device:

execute log device permissions <device_id> all enable

Related articles:

Technical-Tip-How-to-connect-FortiGate-to-FortiAnalyzer-Cloud 

Technical Tip: FortiAnalyzer Cloud is not Receiving Logs from EMS, FortiClient and FortiMail