FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
cmartinez1
Staff
Article Id 338040
Description This article describes how to fix the error 'FortiAnalyzer stopped to detect FortiGate in manager device'.
Scope FortiAnalyzer, FortiGate.
Solution

The FortiGate device was previously registered in FortiAnalyzer.

 


The current status is down.

 


Key information from the current evidence:

  1. It was working properly before.
  2. The IP address and serial number are the same.

The last date and time at which FortiAnalyzer logged can also be identified.

 

First, verify the topology in use. In this case, FortiAnalyzer and FortiGate are in the same network, according to the design.


  1. Verify the FortiGate status: confirm that it is up and working without alarms.

     


  2. Verify connectivity between FortiGate and FortiAnalyzer.

    From FortiGate to FortiAnalyzer.


    From FortiAnalyzer to FortiGate.

  3. Verify the upgrade path in FortiAnalyzer. According to the reporter, FortiAnalyzer had just been upgraded to the latest version, but FortiGate was registered correctly and stayed registered for some time before it stopped.

  4. Verify the status of FortiAnalyzer. In this case, it is OK.


  5. Run the test from FortiGate to FortiAnalyzer and verify the status in FortiAnalyzer (FAZ).

     


  6. Run a packet sniffer and confirm that packets are being exchanged on port 443.
                                        
  7. Verify the logs received during the last few days. FortiAnalyzer received this week's logs from FortiGate, but none for the current day.
                                 


  8. In the Security Fabric, it was confirmed that the connector was enabled and the parameters were correct.
                

  9. According to this information, FortiAnalyzer is working, so the next step is to validate the FortiGate side. During validation, the FortiGate status turned out to differ from the original status shared by the reporter: the FortiGate was originally standalone and is now in HA.

     


  10. Validate the FortiGate HA system settings and confirm that HA was created near the date of the issue.

     


  11. Comparing this with FortiAnalyzer shows that the device is not defined as HA there.

       


  12. Edit the device configuration in FortiAnalyzer to enable the HA type and add the second serial number.


Cause of the problem: HA was configured recently on the FortiGate, but the device configuration in FortiAnalyzer was not changed to reflect the HA cluster.

 


After reconfiguring the HA parameters and adding the secondary device, the serial number came up correctly.
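
The checks in the numbered steps above can also be run from the CLI. The sequence below is an added example, not taken from the original article or its screenshots; `192.0.2.10` (FortiAnalyzer) and `192.0.2.20` (FortiGate) are constructed placeholder addresses, and lines starting with `#` are annotations rather than commands to type.

```fortios
# --- On the FortiGate ---
# Step 2: reachability of FortiAnalyzer (placeholder address).
execute ping 192.0.2.10

# Step 5: show the configured FortiAnalyzer target, then run the
# built-in connectivity test against it.
get log fortianalyzer setting
execute log fortianalyzer test-connectivity

# Step 6: capture 10 packets to or from FortiAnalyzer on any interface.
# Verbosity 4 prints headers with the interface name; check the ports
# seen against the port 443 traffic expected in step 6.
diagnose sniffer packet any 'host 192.0.2.10' 4 10

# Steps 9-10: HA mode and the serial number of each cluster member.
# A unit that was standalone when registered and now reports HA is
# the condition that caused the problem in this article.
get system ha status

# --- On the FortiAnalyzer ---
# Step 2: reachability of the FortiGate (placeholder address).
execute ping 192.0.2.20

# Step 4: FortiAnalyzer version and overall status.
get system status

# Steps 11-12: list registered devices with their serial numbers and
# HA information. Compare this entry with the serials reported by
# "get system ha status" on the FortiGate, before and after the fix.
diagnose dvm device list
```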

 
