FortiAnalyzer
akaratas (Staff)
Article Id 288317
Description

This article describes how to connect FortiGate to FortiAnalyzer Cloud and troubleshoot connectivity issues.

Scope

FortiAnalyzer Cloud.

Prerequisites:

FortiGate needs the following license, and both devices must be registered under the same FortiCloud (FortiCare) account:

FortiAnalyzer Cloud subscription:

  • FortiGate hardware: FC-10-[FortiGate Model Code]-585-02-DD
  • FortiGate-VM: FC-10-[FortiGate VM Model Code]-585-02-DD

For more information, visit the following page: Licensing

Solution

Connect FortiGate to FortiAnalyzer Cloud.

  • Go to Log & Report -> Log Settings -> Enable Cloud Logging Settings.
  • Select FortiAnalyzer Cloud and apply the changes.

In v7.2.x or v7.4.x, follow the steps below:

  1. Go to Security Fabric -> Fabric Connectors -> select and edit Logging & Analytics.

From the CLI:

config log fortianalyzer-cloud setting
    set status enable
    set upload-option realtime
end

  2. Choose the Cloud Logging option, then select FortiAnalyzer Cloud and apply the changes.

Note:

If the FortiGate has the entitlement (license) for FortiAnalyzer, choose FortiAnalyzer Cloud.

  • Go to FortiAnalyzer Cloud and authorize the device.
  • Go to Device Manager and check for Unauthorized Devices.
  • Select the device and authorize it.
  • After configuring the log settings, use the Test Connectivity button to confirm that the connection works.

On FortiGate:

[Screenshot]

On FortiAnalyzer:

[Screenshot]

Note:

Only the master account ID has permission to authorize FortiGate devices in FortiAnalyzer Cloud; for other users, the option is not available. To check the master account ID, run the following command on the FortiGate:

diagnose test update info

Troubleshooting connectivity: After saving the settings, check the output of the following command in the FortiGate CLI:

execute log fortianalyzer-cloud test-connectivity

If an error like the following is returned, check Internet connectivity and connectivity to FortiAnalyzer Cloud:

Unknown host: fortianalyzer.forticloud.com
Failed to get FortiAnalyzer Cloud's status. Hostname resolution failed. (-21)

execute telnet fortianalyzer.forticloud.com 514
execute ping fortianalyzer.forticloud.com

If there is no Internet connectivity issue, check the sniffer outputs below.

To check whether the FortiGate has the correct contract and the correct account, run the following command:

diagnose test update info

To see the domain region, log quota, and daily volume, and to confirm that connectivity is working and uses the correct region, run the following commands:

diagnose test application forticldd 3
diagnose test application forticldd 4

On the FortiGate CLI, resolve the fortianalyzer.forticloud.com domain via ping:

execute ping fortianalyzer.forticloud.com
PING fortianalyzer.forticloud.com.geo.fortinet.net (154.52.2.161): 56 data bytes

Then, use the IP to run a sniffer towards the FortiAnalyzer Cloud servers, where 'x.x.x.x' is the IP resolved in the step above:

diagnose sniffer packet any 'host x.x.x.x and port 514' 6 0 a

On the FortiAnalyzer CLI:

diagnose sniffer packet any 'port 514' 3 0 a

If a support ticket needs to be opened, collect the following command outputs and share them in the ticket together with the outputs above.

On FortiAnalyzer:

diagnose debug app oftpd 8 <FGT-IP>  <----- Alternatively, a device name can be used. IP is preferable.
diagnose debug timestamp enable
diagnose debug enable

On FortiGate:

diagnose test app miglogd 6
diagnose test app fgtlogd 4 <----- Since v7.4.0, this replaces diagnose test app miglogd 6.
diagnose log kernel-stats

Both FortiAnalyzer and FortiGate:

execute tac report

If FortiGate Cloud is enabled, FortiAnalyzer Cloud cannot be used; enabling it fails as shown here:

config log fortianalyzer-cloud setting
(setting) # get
status : disable

(setting) # set status enable
Cannot enable both FortiGate Cloud and FortiAnalyzer Cloud at the same time.
node_check_object fail! for status enable

If FortiGate is connected to FortiAnalyzer but the configuration is denied:

FGT# exe log fortianalyzer test-connectivity
FortiAnalyzer Host Name: FAZXXXX123
FortiAnalyzer Adom Name: test
FortiGate Device ID: FG123XXXXXX
Registration: registered
Connection: deny(configuration is denied)

Follow this KB article to resolve the issue: FortiGate connected to FortiAnalyzer but configuration is deny
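As an added triage helper (not Fortinet's code and not part of the original article), the following Python script parses the test-connectivity outputs shown in this article, plus the "Cannot enable both" error, and maps each to the next check the article prescribes; the state names and the sample strings are assumptions constructed from the article's own example output.

```python
"""Triage FortiGate -> FortiAnalyzer (Cloud) test-connectivity output.
Added example, not Fortinet's code: parses the text printed by
'execute log fortianalyzer[-cloud] test-connectivity' (and the error shown when
FortiGate Cloud is already enabled) and maps it to the next check from this article."""
import re

# Error strings taken from the article's examples, paired with the article's next step.
OUTCOMES = [
    (re.compile(r"Hostname resolution failed\. \(-21\)"), "dns_failure",
     "Check Internet/DNS: execute ping / execute telnet fortianalyzer.forticloud.com 514"),
    (re.compile(r"Connection:\s*deny\(configuration is denied\)"), "config_denied",
     "Registered but denied: authorize the device in FortiAnalyzer Device Manager"),
    (re.compile(r"Cannot enable both FortiGate Cloud and FortiAnalyzer Cloud"), "cloud_conflict",
     "FortiGate Cloud is enabled; disable it before enabling FortiAnalyzer Cloud"),
]
# 'Key: value' lines such as 'Registration: registered'; prompts like 'FGT#' do not match.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z' ]*?)\s*:\s*(.+?)\s*$")

def parse_fields(output: str) -> dict:
    """Collect the key/value lines (host name, ADOM, device ID, registration, connection)."""
    fields = {}
    for line in output.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def triage(output: str) -> dict:
    """Return the detected state, the next step from the article, and the parsed fields."""
    fields = parse_fields(output)
    for pattern, state, next_step in OUTCOMES:
        if pattern.search(output):
            return {"state": state, "next_step": next_step, "fields": fields}
    return {"state": "unknown", "fields": fields, "next_step":
            "No known error string; if logs are still missing, collect diagnose test app "
            "fgtlogd 4 (miglogd 6 before v7.4.0) and execute tac report for a ticket"}

# Constructed samples, copied from the article's example outputs.
DENY_SAMPLE = """FGT# exe log fortianalyzer test-connectivity
FortiAnalyzer Host Name: FAZXXXX123
FortiAnalyzer Adom Name: test
FortiGate Device ID: FG123XXXXXX
Registration: registered
Connection: deny(configuration is denied)
"""
DNS_SAMPLE = ("Unknown host: fortianalyzer.forticloud.com\n"
              "Failed to get FortiAnalyzer Cloud's status. Hostname resolution failed. (-21)\n")
CONFLICT_SAMPLE = ("(setting) # set status enable\n"
                   "Cannot enable both FortiGate Cloud and FortiAnalyzer Cloud at the same time.\n"
                   "node_check_object fail! for status enable\n")
```

Paste the CLI output into `triage()`; the returned `next_step` points to the corresponding section of this article.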


Related articles:

Technical Tip: FortiAnalyzer Cloud is not Receiving Logs from EMS, FortiClient and FortiMail

Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity

Technical Note: How to create a log file of a session using PuTTY

Technical Tip: Ticket Creation via the Support Portal

Technical Tip: FortiAnalyzer is not accepting logs, event log reports unable to accept logs from dev...

Technical Tip: Traffic Types and TCP/UDP Ports used by Fortinet Products

Troubleshooting Tip: No logs received on FortiAnalyzer

Technical Tip: How to setup a custom certificate regarding OFTP protocol

Technical Tip: Getting error: 'failed to get faz's status. invalid error number (0).(0)'