FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Nur
Staff
Staff
Article Id 359592
Description This article describes how to change the FortiGate Serial Number from FortiAnalyzer using CLI.
Scope FortiAnalyzer.
Solution

When FortiGate is replaced for RMA, the Serial Number will be changed. When the Serial Number of FortiGate has been changed, FortiAnalyzer will not be able to recognize the FortiGate and the status will show 'Red'.

 

Screenshot 2024-11-24 195352.png

 

Rather than integrate New FortiGate (via RMA) with FortiAnalyzer, it is better to change the FortiGate old Serial Number to the New Serial Number. This setting can be performed via CLI, and the command is:

 

Bezza-kvm31 # exe device replace sn <device Name existed from FortiAnalyzer> <New FortiGate Serial Number >

Bezza-kvm31 # exe device replace sn CECV FG201FXXXXXXXX --> This is to clarify the FortiGate SN been changed.

 

From the new FortiGate, configure the FortiAnalyzer using CLI (adding the FortiAnalyzer Serial-Number):

 

config log fortianalyzer setting
    set status enable
    set server "10.X.X.X"
    set serial "FAZ-VMTMXXXXXXXXX"
    set upload-option realtime
end

 

Then the GUI will show that the FortiAnalyzer has been authorized and the status FortiGate will show 'UP'.

 

Screenshot 2024-11-24 203007.png

 

The command is only capable of use for the same FortiGate Model Device.

 

Example :

 

200F replace with 200F

FGVM02TM with FGVM02TM

 

If been replaced with a different model, the error will show as below:

 

CATH-XXXXXXX # exe device replace sn tutu FG201FTXXXXX
Serial number 'FG201FTCCCCCC' does not match this device's model
Command fail. Return code -651

 

For the different model devices, it is necessary to register FortiGate as a 'New Device'.

Related articles:
Technical Tip: Delete the unused Serial Number associated with a device in a cluster