Technical Tip: FortiGate loses connectivity with FortiAnalyzer after changing interface-select-method to 'sdwan'

When the interface-select-method is changed from 'auto' to 'sdwan' using a FortiManager CLI script, the FortiGate loses connectivity to the FortiAnalyzer when the FortiAnalyzer address is configured as an FQDN address. As a result, log transmission to the FortiAnalyzer fails.

config log fortianalyzer setting

    set server "<FortiAnalyzer FQDN address>"  
    set interface-select-method sdwan
end

The following errors may appear in the debug logs after changing the setting:

diagnose debug application miglogd -1
diagnose debug application fgtlogd -1
diagnose debug enable
.
pid:192-__handle_msg()-414: Subscriber:1 received package. pubid:1 pkgid:19678 pkg_index:0
pid:192-__handle_pkg_logs()-356: Subscriber:1 processing package size:9959 logs:8 pickup:8
pid:192-__subscr_close_cur_pkg()-140: close package size:9959 logs:8
pid:0-__tcp_open()-349: Failed to open tcps socket context.
<192> fgtlog_start_rmt_conn()-1867: could not create oftp connection for remote server global-faz
pid:0-__udp_open()-1670: Failed to create udp socket: Address family not supported by protocol.

This issue occurs when DNS fails to resolve the FortiAnalyzer address and does not attempt to resolve the IP address again after the interface-select-method is changed to 'sdwan'.
As a result, fgtlogd attempts to connect to an undefined (empty) address.

This issue has been resolved in FortiOS v8.0.0 (scheduled to be released in February 2026)
These timelines for firmware release are estimates and subject to change.

Workaround:

fnsysctl killall miglogd
fnsysctl killall fgtlogd