Technical Tip: Getting error: 'failed to get faz's status. invalid error number (0).(0)'
| Description | This article describes how to resolve the error below while checking the connectivity with the analyzer: 'failed to get faz's status. invalid error number (0).(0)'.
This error is seen when a certificate is missing on FortiGate. |
| Scope | FortiGate and FortiAnalyzer. |
| Solution | Verify that basic connectivity is fine with ping, traceroute, and telnet:
execute telnet fortianalyzer.forticloud.com 514
execute ping fortianalyzer.forticloud.com
execute traceroute fortianalyzer.forticloud.com
However, while checking the connectivity with the analyzer using the command below, it gives the error:
execute log fortianalyzer test-connectivity
It is necessary to check the certificate on the FortiGate. Make sure the certificate with CN='fortinet-ca2' is present.
If it is not present, try downloading the cert from the FortiAnalyzer and importing it on FortiGate.
Ensure it is added in the external CA. Once it is added, reset the daemon on FortiAnalyzer and FortiGate by using the following command:
diagnose test app oftpd 99 <----- FortiAnalyzer.
Successful sending of logs:
FortiAnalyzer Host Name: FAZVM64
If none of the above suggestions help to establish connectivity between FortiGate-FortiAnalyzer, a few more steps that can help achieve the resolution of this problem are added below:
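Disable certificate verification (the FortiGate then no longer verifies the identity of the FortiAnalyzer by certificate):
config log fortianalyzer setting
set certificate-verification disable
end
Reduce the MTU on the interface:
config system interface
edit <name_of_interface>
set mtu-override enable
set mtu <value> <----- The value of the MTU can be reduced.
end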
Because each infrastructure is unique, the same solution may not apply to every network. In this case, create a ticket with TAC support to troubleshoot the issue further. |
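
Before the certificate downloaded from the FortiAnalyzer is imported on the FortiGate as an external CA, it can be inspected on a workstation. The script below is an added example, not part of the original article or of Fortinet tooling; it assumes a PEM file and the openssl CLI, and `check_ca_cert` and `make_sample_cert` are hypothetical helper names.

```bash
# Added example: sanity-check a CA certificate file before importing it on the
# FortiGate as an external CA. Assumes a PEM file and the openssl CLI.

# check_ca_cert FILE EXPECTED_CN
# Returns 0 only if FILE parses, has the expected subject CN, is marked as a CA
# and has not expired. Prints the SHA-256 fingerprint for out-of-band comparison.
check_ca_cert() {
    local file="$1" expected_cn="$2" subject cn rc=0

    subject=$(openssl x509 -in "$file" -noout -subject -nameopt RFC2253 2>/dev/null) || {
        echo "FAIL: $file is not a readable PEM certificate"; return 1; }

    # RFC2253 form is "subject=CN=...,O=...": take the first CN component.
    cn=$(printf '%s\n' "$subject" | sed 's/^subject= *//' | tr ',' '\n' |
         sed -n 's/^ *CN=//p' | head -n 1)
    if [ "$cn" != "$expected_cn" ]; then
        echo "FAIL: subject CN is '$cn', expected '$expected_cn'"; rc=1
    fi

    # A certificate trusted as a CA should carry basicConstraints CA:TRUE.
    if ! openssl x509 -in "$file" -noout -text | grep -q 'CA:TRUE'; then
        echo "FAIL: certificate is not marked CA:TRUE"; rc=1
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired"; rc=1
    fi

    openssl x509 -in "$file" -noout -fingerprint -sha256
    return "$rc"
}

# make_sample_cert OUT CN CA_FLAG: constructed throwaway self-signed certificate,
# used only to exercise check_ca_cert offline (it is not a Fortinet certificate).
make_sample_cert() {
    local out="$1" cn="$2" ca_flag="$3" cnf key
    cnf=$(mktemp); key=$(mktemp)
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3' \
        'prompt = no' '[dn]' "CN = $cn" '[v3]' \
        "basicConstraints = critical,CA:$ca_flag" > "$cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" -out "$out" \
        -days 1 -config "$cnf" 2>/dev/null
    rm -f "$cnf" "$key"
}
```

Run it as `check_ca_cert <downloaded_file> fortinet-ca2` and compare the printed fingerprint with a copy of the certificate obtained over a trusted channel.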
