FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
ckarwei
Staff
Staff
Article Id 207860

Description

 

This article describes the configuration needed to display data in FortiAnalyzer secure SD-WAN monitor.

 

Scope

 

FortiAnalyzer.

 

Solution

 

  1. A 'No Device Selected' message will appear if FortiAnalyzer does not receive the necessary SD-WAN logs.

 

No device selected.JPG

 

  1. In order to display data in a secure SD-WAN monitor, the following requirements need to be fulfilled.

  2. SD-WAN rule needs to have a specify source address together with protocol number / internet service / application.

  3. SLA logging needs to be enabled on FortiGate health check and applied to SD-WAN Rules.

 

Sample configuration in FortiOS 6.4:

 

config system sdwan
    config health-check

        edit "ping"
            set sla-fail-log-period 30
            set sla-pass-log-period 60
        next
    end
end

 

  1. SD-WAN interface members should have configured with 'WAN' role and 'Estimated bandwidth'.

  2. Firewall policy with SDWAN interface needs to log all sessions. 

  3. Ensure that traffic is passing through the SD-WAN rules. Verify this with the FortiGate SD-WAN rules hit count.

  4. Ensure that FortiAnalyzer is receiving health check sla status logs under Logview -> Event -> SD-WAN.

  5. Once FortiAnalyzer receive the logs, the Secure SD-WAN monitor will provide the device list with data present in each widget. 

 

sd-wan monitor.JPG

 

Related article:

Troubleshooting Tip: Troubleshooting the FortiManager SD-WAN monitor.

Technical Tip: Tabulating the data in the Application widgets in FortiView Secure SD-WAN Monitor.

Comments
nicerobot_FTNT

Heck yes. I've been looking for this. Thank you!

nicerobot_FTNT

I was really disappointed when the FAZ gave me no options for devices. This solution makes perfect sense, I just wished it was called out more clearly in the docs for FAZ.

NathanNichols

Invaluable info, thanks. This really should be spelled out in part of the mainline documentation for FortiOS and/or FAZ.