Description
This article describes how to troubleshoot when a default FSBP Security Rating Report populates no data.
Scope
FortiAnalyzer.
Solution
- Make sure FortiAnalyzer has an additional license with SKU FC1-10-XXXX-175-XX-XX, and after registering, it should display in FortiCloud under Entitlement as FortiGuard Attack Surface Security Service and in FortiAnalyzer GUI as Security Rating Update.
-
Make sure FortiGate has an additional license with SKU FC-10-XXXX-175-XX-XX, and after registration, it should display in FortiCloud under Entitlement as FortiGuard Attack Surface Security Service and in FortiGate GUI as Attack Surface Security Rating.
-
Configuration for FortiAnalyzer log setting in FortiGate makes sure certificate-verification are is enabled.
FGT-HUB # config log fortianalyzer setting
set status enable
set server "x.x.x.x"
set serial "FAZVMSXXXXXXX"
set upload-option realtime
set reliable enable
set certificate-verification enable --> Enable this configuration.
end
-
Check that the Security Rating in FortiGate populates an output under Security Fabric -> Security Rating.
-
Confirm that there are logs generated in FortiGate under Log & Report -> System Events -> Logs -> Select dropdown (Security Rating Events).
-
Confirm that the same logs are present in FortiAnalyzer under Log View -> Logs -> Fortinet Logs -> FortiGate -> Event: Security Rating (FortiAnalyzer in v7.6.4).
-
Run the report again, and make sure the Settings of the report contain the same time and date as the logs populated in the Log View before (Device selection also needs to make sure it is the same as the individual FortiGate if selected to get consistent output from the report).
