Troubleshooting Tip: FortiWeb connection Issue with FortiAnalyzer due to missing snca2.cer and snca2.key for receiving logs on FortiAnalyzer
Description
This article describes a connection issue between FortiWeb and FortiAnalyzer after updating FortiWeb to version 8.0.5.
Scope
FortiWeb 7.6.6,8.0.4 version above and FortiAnalyzer.
Solution
To resolve the connection issue between FortiWeb and FortiAnalyzer, follow these steps:
Remove the FortiWeb from the HA cluster if it is in cluster mode.
Run the command 'execute remove vmlicense' to remove the license from the FortiWeb. This will trigger a device reboot.
Re-install the license on the FortiWeb. This will also trigger a device reboot.
After the reboot, check if the snca2.cer certificate is generated by running this command:
fn ls -l /data/etc/globalcert/snca/
If the certificate is generated, wait for a few minutes and check the FortiAnalyzer to see if the FortiWeb is connected and the traffic logs are accessible.
Description of the command:
Â
Commands | Description | Comments |
 fn ls -l /data/etc/globalcert/snca/ | Check output of this command for presence of snca2.cer and snca2.key | This is necessary for fortiweb to connect with FortiAnalyzer |
execute remove vmlicense | Â Remove VM license on from CLI | Â |