Staff

Technical Tip: Setting up Fabric Connector for FortiAnalyzer on FortiGate when VDOM is enabled

Forum|Forum|5 years ago
March 26, 2021
0 replies
2797 views

Description

This article describes that it is necessary to use management VDOM to communicate to FortiAnalyzer on FortiGate settings.

Scope

FortiGate.

Solution

Diagram.

The 'FAZ_VDOM' on FortiGate has a direct connection to FortiAnalyzer.

But in this scenario, the management VDOM is the 'ROOT VDOM'.

With that, if the fabric connector is configured for FortiAnalyzer on FortiGate, it will automatically use the root VDOM to reach the FortiAnalyzer, which will fail.

Image 1 shows that the root VDOM is the management VDOM.

Image 2 shows that FortiAnalyzer is configured on the FortiGate fabric connector for logging.

Note: For the IP address here, it is the FortiAnalyzer instance if it is on-premises.

Image 3 shows that the connectivity failed.

If the approach here is to change the source IP of the FortiGate FortiAnalyzer setting using IP of 'FAZ_VDOM' that will not work because the management VDOM is still the root VDOM.

Here is an image for that:

The right approach is to change first the management VDOM from 'ROOT VDOM' to 'FAZ_VDOM' on the scenario, by going to GLOBAL -> SYSTEM -> VDOM, select FortiAnalyzer VDOM, select 'SWITCH MANAGEMENT' and select 'OK'.

After that, 'FAZ_VDOM' will be visible as the management VDOM.

FortiGate can now reach the FortiAnalyzer without any issue, and can now also set the 'source-ip' under the FortiAnalyzer setting on FortiGate to the interface IP where the FortiAnalyzer is directly connected.
In this case, it is 10.115.2.10 by running this command.

FortiGate request can now be seen on the FortiAnalyzer, and just authorize it.

Here is the Final result run:

execute log fortianalyzer test-connectivity

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded