HernandezA
Staff
Article Id 403308
Description This article describes how to troubleshoot the issue where a FortiGate cannot be registered in the FortiAnalyzer Cloud instance.
Scope FortiGate, FortiAnalyzer Cloud.
Solution
Pre-Requisites.
  • Ensure the user account holds the FortiAnalyzer Cloud and FortiGate items, listed by serial number (SN), and that they are licensed.
  • Deploy a FortiAnalyzer Cloud instance.
  • Configure FortiGate to send logs to FortiAnalyzer Cloud.
 
Troubleshooting Process:
  1. The administrator had already confirmed that the prerequisites were met, but reported that the FortiGate could not be registered in FortiAnalyzer Cloud.
 
 
  2. Validate the OFTP sessions with the command 'diagnose test application oftpd 3', which lists the current FortiAnalyzer sessions. In this case, no connections were established.

     


 

  3. Verify the FortiGate logging configuration. Go to Security Fabric -> Fabric Connectors -> Logging and Analytics -> View -> Cloud Logging. In this case, the configuration in that section was already correct, but the connection status appeared as 'Unauthorized'. However, FortiAnalyzer showed no device request waiting to be authorized.
 
 
  4. An attempt was made to add the FortiGate from the FortiAnalyzer Device Manager menu by setting the name and serial number, but the issue persisted and the connection could not be established.
 

 

  5. Debugging was enabled for the OFTPD process with the commands 'diagnose debug application oftpd 8' and 'diagnose debug enable'. The debug output then showed the session negotiation using TLSv1.3.

 

 
  6. The OFTPD session configuration in FortiAnalyzer was checked: under 'config system global', 'oftpd-ssl-protocol' was set to 'tlsv1.2'. It was changed to tlsv1.3 with 'set oftpd-ssl-protocol tlsv1.3' followed by 'end', and the connection was then refreshed in the FortiGate settings. The debug output also confirmed that the session was initialized, but the device was not up and could not receive any logs.

     


 

  7. A connectivity test was run from the FortiGate to FortiAnalyzer Cloud, and this time the message received on the FortiGate said the device did not have a license for cloud logging.
 

 

  8. The availability of the FortiGate item in the contract was confirmed again, but the administrator reported that the contract had been registered on the support site an hour earlier.
 

 

  9. A ping test to the Fortinet server was run from the FortiGate, and an update of the license items on the device was requested with the command 'execute update-now'. The connectivity test 'execute log fortianalyzer-cloud test-connectivity' was then run again on the FortiGate, confirming that the session was now established and the FortiGate was sending logs to FortiAnalyzer Cloud.

 


 

Related article:

Technical Tip: How to connect FortiGate to FortiAnalyzer Cloud and troubleshoot connectivity issues