Technical Tip: How to change the encryption level between FortiGate and FortiAnalyzer
Description
This article describes how to change the enc-algorithm level on the connection between FortiGate and FortiAnalyzer.
Scope
FortiGate, FortiAnalyzer.
Solution
In earlier versions of FortiOS, the following option has been available under the following configuration on CLI 'config log fortianalyzer setting':
config log fortianalyzer setting
set enc-algorithm disable
set encrypt enable
set psksecreet <password>
end
However, on newer versions of the FortiOS, these options no longer exist. At the moment, on branch 7.4 as an example, the 'enc-algorithm' can be set on either of the options below:
FortiGate # config log fortianalyzer setting
FortiGate (setting) # set enc-algorithm
high-medium Encrypt logs using high and medium encryption algorithms.
high Encrypt logs using high encryption algorithms.
low Encrypt logs using all encryption algorithms.
high-medium Encrypt logs using high and medium encryption algorithms.
high Encrypt logs using high encryption algorithms.
low Encrypt logs using all encryption algorithms.
By default, the 'enc-algorithm' is set on the 'high' option.