subu023
New Member
March 25, 2013
Question

Cannot connect to the FortiAnalyzer

We have a pair of FortiGate-1000A 3.00-b0668 (MR6 Patch 2) running in a hosted data center in master/slave mode, and we have been experiencing some issues with logging to the FortiAnalyzer and syslog server. The connection to the FortiAnalyzer was working fine until last month, when we suddenly started facing this issue; please note that we have not done any upgrade on either device. Now I am getting the message "Cannot connect to the FortiAnalyzer. (10.1.6.218)" while testing the connectivity to the FortiAnalyzer. Later, after this issue began, I started receiving messages on the FortiAnalyzer from the slave device (standby unit). Please find the diag sys top attached from both the devices. I have checked the device reachability and tried reconfiguring the device, but that didn't help.

    6 replies

    subu023 (Author)
    New Member
    March 25, 2013
    I have tried to sniff the packets from the FortiAnalyzer and am able to see the packets being received for the standby (slave) unit on the FortiAnalyzer, but not for the active unit.

        SIN-FW-02 (global) $ diag log test
        generating an allowed traffic message with level - warning
        generating a system event message with level - warning
        generating a HA event message with level - warning
        generating a infected virus message with level - warning
        generating a blocked virus message with level - warning
        generating an attack detection message with level - warning
        generating a blacklist email message with level - warning
        generating a URL block message with level - warning
        generating an IM message with level - warning
        generating a VOIP message with level - warning

        FortiAnalyzer-800B $ diagnose sniffer packet any 'host 57.33.94.70' 4
        interfaces=[any]
        filters=[host 57.33.94.70]
        nr=576,fr=1680,b_nr=288,pg=4096
        6.221373 57.33.94.70.7130 -> 10.1.6.218.514: udp 434
        6.221391 57.33.94.70.7130 -> 10.1.6.218.514: udp 190
        6.221395 57.33.94.70.7130 -> 10.1.6.218.514: udp 164
        6.221398 57.33.94.70.7130 -> 10.1.6.218.514: udp 290
        6.221401 57.33.94.70.7130 -> 10.1.6.218.514: udp 290
        6.221609 57.33.94.70.7130 -> 10.1.6.218.514: udp 400
        6.221610 57.33.94.70.7130 -> 10.1.6.218.514: udp 277
        6.221613 57.33.94.70.7130 -> 10.1.6.218.514: udp 200
        6.221613 57.33.94.70.7130 -> 10.1.6.218.514: udp 232
        6.221984 57.33.94.70.7130 -> 10.1.6.218.514: udp 252
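
Added example (not part of the original thread and not Fortinet tooling): a Python script that tallies sniffer lines like those in the post above per source address, so a capture taken on the FortiAnalyzer shows which expected units are delivering logs to UDP 514 and which are silent. The address 192.0.2.10 is a placeholder for a second unit, and the capture is assumed to use a filter that admits every expected sender.

```python
import re
from collections import defaultdict

# One packet line of the sniffer output: "time src.port -> dst.port: udp length"
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+udp\s+(?P<len>\d+)\s*$"
)


def summarize(capture, collector, port=514):
    """Return {source_ip: (packets, payload_bytes)} for UDP sent to collector:port."""
    stats = defaultdict(lambda: [0, 0])
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        # Header lines (interfaces=, filters=, nr=...) do not match and are skipped.
        if m and m["dst"] == collector and int(m["dport"]) == port:
            stats[m["src"]][0] += 1
            stats[m["src"]][1] += int(m["len"])
    return {ip: tuple(counts) for ip, counts in stats.items()}


def silent_senders(capture, collector, expected, port=514):
    """Expected log sources that sent nothing to the collector in this capture."""
    seen = summarize(capture, collector, port)
    return sorted(ip for ip in expected if ip not in seen)


# Sample input: header lines and the first three packet lines from the post above.
SAMPLE = """\
interfaces=[any]
filters=[host 57.33.94.70]
nr=576,fr=1680,b_nr=288,pg=4096
6.221373 57.33.94.70.7130 -> 10.1.6.218.514: udp 434
6.221391 57.33.94.70.7130 -> 10.1.6.218.514: udp 190
6.221395 57.33.94.70.7130 -> 10.1.6.218.514: udp 164
"""

if __name__ == "__main__":
    collector = "10.1.6.218"                    # FortiAnalyzer address from the post
    expected = ["57.33.94.70", "192.0.2.10"]    # second address is a placeholder
    for ip, (pkts, size) in summarize(SAMPLE, collector).items():
        print(f"{ip}: {pkts} packets, {size} bytes to {collector}:514")
    for ip in silent_senders(SAMPLE, collector, expected):
        print(f"{ip}: no log traffic seen in this capture")
```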
    rwpatterson
    New Member
    March 25, 2013
    Welcome to the forums. Have you tried rebooting the devices? V3, MR6, P2....May of 2008. Don't you feel it's time for an upgrade?
    Dave_Hall
    New Member
    March 25, 2013
    The devices have been up for 4+ years, which is impressive. :) I also say try rebooting them.
    subu023 (Author)
    New Member
    March 25, 2013
    Thanks for the reply, Dave and Rob. I have proposed the solution of rebooting the device to the customer and am awaiting their reply. This device has been up for 4+ years, and I am not sure if the failover will happen properly or if the reboot will cause any impact to the existing environment. And moreover, would the reboot finally resolve the issue? Since the contract has expired, I'm a bit afraid that if any issues occur in the future, post the upgrade, then I won't be able to raise a case with Fortinet.
    rwpatterson
    New Member
    March 25, 2013
    Well, if you have no contract, you cannot get newer code. So (to me) it seems your only course of action would be the reboot. The 1000As are hardy. I don't see a reboot affecting them negatively.
    subu023 (Author)
    New Member
    March 25, 2013
    Thanks Rob. I'll proceed with the reboot and will let you know the status.
    andrei
    New Member
    April 4, 2013
    Hi Subu03, I have the same issue with my FortiGate 1000C. Did you get any result after rebooting the firewall?
    subu023 (Author)
    New Member
    April 4, 2013
    Nope... haven't got the approval from the customer yet.