yeowkm99
New Member
June 15, 2023
Question

Connect remote FGT to Analyzer

  • June 15, 2023
  • 6 replies
  • 3984 views

I am trying to connect the FG50F in my remote office to the FAZ300G in my data centre.

Currently the remote office is connected via IPsec site-to-site VPN.

What are the ports I need to open up in order for the FG50F to send logs to the FG300G?

6 replies

srajeswaran
Staff
June 15, 2023

Port 514 TCP and UDP.

https://community.fortinet.com/t5/FortiAnalyzer/Troubleshooting-Tip-FortiGate-to-FortiAnalyzer-connectivity/ta-p/191833

OFTP uses TCP/514 for connectivity, health check, file transfer and log display from FortiGate.

Log communication happens over either TCP OR UDP 514:

- TCP/514 is used for log transmission with the reliable option enabled.
- UDP/514 is used for log transmission with the reliable option disabled.
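
The "try telnet on port 514" check that the staff replies recommend can be scripted so the result is unambiguous. The block below is an added example, not from the thread or any Fortinet tool: it opens a TCP connection to the OFTP port, optionally pinned to a chosen source address, and classifies the outcome the way you would read a telnet attempt (open, refused, timed out). For an offline run, a local listener on an ephemeral port stands in for the FortiAnalyzer; the address and port of that listener are constructed.

```python
"""Scriptable stand-in for "telnet to the FortiAnalyzer on TCP/514".

Added example, not part of the forum thread or any Fortinet tool. A local
listener (constructed) simulates the FAZ so the script runs offline.
"""
import socket

OFTP_PORT = 514  # TCP/514 carries OFTP: connectivity, health check, reliable logging


def probe_tcp(host, port, source_ip=None, timeout=2.0):
    """Return 'open', 'refused', 'timeout' or 'unreachable' for host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if source_ip is not None:
            # Pin the source address, for the same reason the thread recommends
            # 'execute ping-options source': the default egress address may not
            # be covered by the VPN selectors or allowed by the FAZ.
            sock.bind((source_ip, 0))
        sock.connect((host, port))
        return "open"           # handshake completed: path and port are fine
    except ConnectionRefusedError:
        return "refused"        # host reachable, nothing listening on that port
    except socket.timeout:
        return "timeout"        # silently dropped: policy, routing or selector problem
    except OSError:
        return "unreachable"    # no route, or the source address could not be bound
    finally:
        sock.close()


def fake_faz_listener(bind_ip="127.0.0.1"):
    """Constructed stand-in for a FAZ listener; returns (socket, port).

    An unprivileged process cannot bind 514, so an ephemeral port is used.
    A listening socket completes TCP handshakes in the kernel, so connect()
    succeeds even though accept() is never called.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_ip, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def closed_port(bind_ip="127.0.0.1"):
    """Find a port nothing is listening on by binding and releasing it."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((bind_ip, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo():
    """Exercise the 'open' and 'refused' outcomes against local sockets."""
    srv, port = fake_faz_listener()
    try:
        return {
            "open": probe_tcp("127.0.0.1", port, source_ip="127.0.0.1"),
            "refused": probe_tcp("127.0.0.1", closed_port()),
        }
    finally:
        srv.close()


if __name__ == "__main__":
    for outcome, verdict in demo().items():
        print(f"{outcome:8s} -> {verdict}")
```

Against a real FortiAnalyzer you would call `probe_tcp(faz_ip, OFTP_PORT, source_ip=<LAN address>)`; a `timeout` verdict points at the firewall policy, routing or IPsec selectors, while `refused` means the path works but the FAZ is not listening on that port.
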

yeowkm99 (Author)
New Member
June 15, 2023

I am getting this error when I connect to the FAZ (attached screenshot: error.jpg).

srajeswaran
Staff
June 15, 2023

Are you able to ping the FortiAnalyzer IP? If ping works, please try telnet on port 514. We need to make sure the connectivity is fine.

The article below explains the step-by-step procedure to check the connectivity.

https://community.fortinet.com/t5/FortiAnalyzer/Troubleshooting-Tip-FortiGate-to-FortiAnalyzer-connectivity/ta-p/191833

knagaraju
Staff
June 15, 2023

Hello Yeowkm99

May I know if you are able to ping the FortiAnalyzer IP from the FortiGate?
If you are able to ping, then please check whether the communication port is open on the FortiAnalyzer. Try doing telnet from the FortiGate to the FortiAnalyzer.

Regards
Nagaraju.

knagaraju
Staff
June 15, 2023

Hello Yeowkm99

Please check the routing-table entry for the FortiAnalyzer IP address.
Also please check that the traffic is going via the correct outgoing interface.
If the FortiGate is in HA, then make sure that HA direct is enabled.

Regards
Nagaraju.

yeowkm99 (Author)
New Member
July 20, 2023

My remote office housing the FG50F is now completely set up.

My servers there can reach back to the data centre and vice versa.

But the strange thing is that my FG50F at the remote office still cannot reach my FAZ in the DC.

Ping from DC servers to the remote FG50F is working, but I cannot ping directly from my FG401E at the DC to the FG50F.

Servers at the remote office can ping the FAZ in the DC; only the FG50F cannot. Traceroute also fails.

FGT50F # execute traceroute 172.16.0.71
traceroute to 172.16.0.71 (172.16.0.71), 32 hops max, 3 probe packets per hop, 84 byte packets
1 * * *
2 * * *
3 * * *

Traceroute from the remote-office server:

>tracert 172.16.0.71

Tracing route to 172.16.0.71 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 172.32.0.1
2 4 ms 4 ms 4 ms 192.168.1.99
3 4 ms 4 ms 4 ms 172.16.0.71

sjoshi
Staff
July 20, 2023

Dear @yeowkm99,

Whenever you are trying to ping directly from the FGT, it is recommended to use a source IP and source interface.

For example:

execute ping-options source x.x.x.x >> one of the lan IP which is allowed in ipsec

execute ping-options interface <int_name> >> one of the lan int

exec ping x.x.x.x >> dst ip

Thanks

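The reason the source address matters, worked through as an added example (not from the thread or from Fortinet): a FortiGate's self-originated traffic, both `execute ping` and the OFTP session to the FortiAnalyzer, leaves with the address of the egress interface. If that address is outside the IPsec phase 2 local selector, the packet never enters the tunnel, while LAN hosts inside the selector succeed, which is exactly the split between the two traceroutes above. The selectors and the WAN address below are constructed; 172.16.0.71 (the FAZ) and 172.32.0.1 (first hop in the server's tracert, assumed to be the FG50F's LAN address) come from the thread. The `config log fortianalyzer setting` / `set source-ip` lines are the FortiOS setting for pinning the log source address; the interface name `internal` is an assumption.

```python
"""Why the FG50F's own ping fails while remote-office servers reach the FAZ.

Added example, not from the forum thread or Fortinet. Checks a candidate
source address against the IPsec phase 2 selectors and emits the CLI
sjoshi suggested, filled in with that address.
"""
import ipaddress

# Constructed phase 2 selectors, (local subnet, remote subnet); assumed, not quoted from the thread.
PHASE2_SELECTORS = [("172.32.0.0/24", "172.16.0.0/24")]

FAZ_IP = "172.16.0.71"         # from the thread's traceroutes
REMOTE_LAN_IP = "172.32.0.1"   # assumed FG50F LAN address (server's first hop in the thread)
REMOTE_WAN_IP = "203.0.113.5"  # constructed WAN address (RFC 5737 documentation range)


def selector_match(src_ip, dst_ip, selectors=PHASE2_SELECTORS):
    """Return the (local, remote) selector that would carry src->dst, or None."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for local, remote in selectors:
        if src in ipaddress.ip_network(local) and dst in ipaddress.ip_network(remote):
            return (local, remote)
    return None


def ping_options_cli(source_ip, interface, dst_ip):
    """The three-command sequence from the thread, filled in (interface name assumed)."""
    return [
        f"execute ping-options source {source_ip}",
        f"execute ping-options interface {interface}",
        f"execute ping {dst_ip}",
    ]


def faz_source_ip_cli(source_ip):
    """Persistent fix: pin the FAZ log source address in FortiOS."""
    return [
        "config log fortianalyzer setting",
        f"    set source-ip {source_ip}",
        "end",
    ]


def diagnose(src_ip, dst_ip=FAZ_IP, selectors=PHASE2_SELECTORS):
    """Say whether src->dst enters the tunnel and, if not, which sources would."""
    match = selector_match(src_ip, dst_ip, selectors)
    if match is not None:
        return {"source": src_ip, "tunnelled": True, "selector": match,
                "advice": "inside the phase 2 selector; check firewall policy and routing next"}
    dst = ipaddress.ip_address(dst_ip)
    usable = [local for local, remote in selectors if dst in ipaddress.ip_network(remote)]
    return {"source": src_ip, "tunnelled": False, "selector": None,
            "advice": f"source not in any local selector covering {dst_ip}; "
                      f"use a source inside {', '.join(usable) or 'a matching selector'}"}


if __name__ == "__main__":
    for src in (REMOTE_WAN_IP, REMOTE_LAN_IP):
        print(diagnose(src))
    print("\n".join(ping_options_cli(REMOTE_LAN_IP, "internal", FAZ_IP)))
    print("\n".join(faz_source_ip_cli(REMOTE_LAN_IP)))
```

Run stand-alone, the WAN-sourced probe reports `tunnelled: False` and the LAN-sourced one `tunnelled: True`; `ping_options_cli` then gives the exact commands to confirm it on the FortiGate, and `faz_source_ip_cli` the setting that makes the log traffic use that address permanently.
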
waqar11
New Member
July 20, 2023

Hi there,

The ports you need to open up in order for the FG50F to send logs to the FG300G are:

  • TCP 514 - This is the default port for syslog.
  • UDP 514 - This is an alternative port for syslog.
  • TCP 1025 - This is the port for the FortiAnalyzer Management Interface.

You will need to open these ports on both the FG50F and the FG300G.

Here are the steps on how to open ports on the FG50F:

  1. Go to Policy & Objects > Objects > Network > Interfaces.
  2. Select the interface that you want to open the ports on.
  3. Click on the Edit button.
  4. Click on the Advanced tab.
  5. In the Port Forwarding section, enter the ports that you want to open.
  6. Click on the Save button.

Here are the steps on how to open ports on the FG300G:

  1. Go to Policy & Objects > Objects > Network > Interfaces.
  2. Select the interface that you want to open the ports on.
  3. Click on the Edit button.
  4. Click on the Advanced tab.
  5. In the Port Forwarding section, enter the ports that you want to open.
  6. Click on the Save button.

Once you have opened the ports, you should be able to send logs from the FG50F to the FG300G.

yeowkm99 (Author)
New Member
July 20, 2023

Are there options to create policies and objects in the Analyzer 300G?

Here are the steps on how to open ports on the FG300G:

  1. Go to Policy & Objects > Objects > Network > Interfaces.
  2. Select the interface that you want to open the ports on.
  3. Click on the Edit button.
  4. Click on the Advanced tab.
  5. In the Port Forwarding section, enter the ports that you want to open.
  6. Click on the Save button.

mgoswami
Staff
July 20, 2023

Hi,

Here are the ports you need to open:

  1. FortiGuard Log Forwarding (FGT Log Forwarding):

    • TCP: 514
    • UDP: 514
  2. Fortinet's FortiAnalyzer Protocol (FAP):

    • TCP: 541
    • UDP: 541

Ensure that the above ports are open in both directions, i.e., from FortiGate FG50F to FortiAnalyzer FAZ300G and vice versa.

BR,

Manosh