Can't connect FGT to FAZ

Question

Hi Guys,

Can't connect FGT (ver:6.0.5) to FAZ (ver: 6.2.1 FortiAnalyzer), connectivity test fails;

FGT been added to FAZ devices;

exec log fortianalyzer test-connectivity Failed to get FAZ's status. SSL error. (-3)

Capture shows that FAZ sending RST back to FGT:

66.345323 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: syn 1195392681 66.345952 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: syn 1231566839 ack 1195392682 66.346003 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: ack 1231566840 66.346728 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: psh 1195392682 ack 1231566840 66.346857 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: psh 1231566840 ack 1195392682 66.346885 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: ack 1231567207 66.346990 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: ack 1195392843 66.347044 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: psh 1195392843 ack 1231567207 66.347382 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: ack 1195392850 67.349171 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: rst 1231567207 ack 1195392850 << FAZ sending RST

Debug messages:

FortiGate-VM64 # diagnose debug enable FortiGate-VM64 # diagnose debug application miglogd -1 Debug messages will be on for 30 minutes.

FortiGate-VM64 # <158> _rmt_connect()-1289: oftp_connect(global-faz) failed: ssl_connect() failed: 5. <124> _rmt_connect()-1289: oftp_connect(global-faz) failed: ssl_connect() failed: 5. <158> __handle_logs()-1236: 1212 bytes received <158> send_report_log_buffer()-73: Fail to sent logs to reportd. err:111(Connection refused) <124> __check_vdom_disk_usage()-2508: vfid:0 vd quota:100 total used:0

<158> __handle_logs()-1236: 2328 bytes received <158> _rmt_connect()-1289: oftp_connect(global-faz) failed: ssl_connect() failed: 5. <124> _rmt_connect()-1289: oftp_connect(global-faz) failed: ssl_connect() failed: 5.

Any idea?

Thank you for your input and help!

genar · Accepted Answer

hi guys,i am having the same issue with my lab on VM workstation, with the same error message.but now it is solved for me.this is my config : on Fortigate :FortiGate-VM64-1 # config log fortianalyzer settingFortiGate-VM64-1 (setting) # set status enableFortiGate-VM64-1 (setting) # set server 172.16.10.250FortiGate-VM64-1 (setting) # set reliable enableFortiGate-VM64-1 (setting) # get status : enable ips-archive : enable server : 172.16.10.250 certificate-verification: enable serial : access-config : enable enc-algorithm : low ssl-min-proto-version: default conn-timeout : 10 monitor-keepalive-period: 5 monitor-failure-retry-period: 5 certificate : source-ip : upload-option : 5-minute reliable : enable on FAZ:FAZVM64 # config system global(global)# set enc-algorithm low(global)# set ssl-low-encryption enable(global)# set oftp-ssl-protocol tlsv1.0(global)# end enc-algorithm setting change will cause all existing FGFM tunnel/WebService connection reset. Do you want to continue? (y/n)ykillall: fgfmsd: no process killed killall: fgfmsd: no process killedFAZVM64 # i hope this work with you ,, ;)Thank You regardsGenar

Frosty · Answer

Do you have Encryption enabled in the Fortigate where the connection to the FAZ is specified? I had a similar issue after I upgraded our FAZ to v6.2 and that was the solution for my scenario:

https://forum.fortinet.com/tm.aspx?m=177233

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded