MConrad
New Member
March 27, 2025
Question

FortiAnalyzer connectivity on FortiGate inside VRF


Hi everyone,

Currently dealing with the following scenario: we're sending logs from a remote FortiGate to a centrally-hosted FortiAnalyzer via S2S VPN. Source interface on the FortiGate for logging is set to a loopback interface (via "set source-ip" command) - this is working perfectly fine.

Now we would like to transfer that communication into a dedicated VRF on the remote FortiGate so routing and IP addressing for the management/logging tunnel is completely separate from production routing. In order to reach that goal we have moved the tunnel interface and the loopback interface into its own VRF (7). As soon as we do that, logging to the FortiAnalyzer isn't working anymore. We also tried setting "interface-selection-method" and "interface" inside "config log fortianalyzer" config to no avail.

Has anyone got this to work by chance?


Best regards,

Max

1 reply

czamudio
Staff
March 27, 2025

Hi, can you ping from the root vdom?

Try to debug the flow into FortiAnalyzer.

MConrad
Author
New Member
March 28, 2025

Hi, yes ping works fine (if I set "execute ping-options source <Loopback-IP>") and "debug flow" looks fine there as well.

I can't see any syslog going out to the FortiAnalyzer in "debug flow" as if it wasn't even trying (when dedicated VRF is being used).

czamudio
Staff
March 28, 2025

Need to open a ticket.