• Ensure the user account has items related to FortiAnalyzer Cloud and FortiGate in its SN that have the license.
• Deploying FortiAnalyzer Cloud
• Configure FortiGate to send logs to FortiAnalyzer Cloud.

1. The administrator had already confirmed the prerequisites were accomplished, but reported the FortiGate could not be registered in the FortiAnalyzer Cloud.

2. Validate the OFTP sessions with the command 'diagnose test application oftpd 3' to list current FortiAnalyzer sessions. In this case, no connections are established.

    

 

3. Verify the FortiGate logging configuration. Go under Security Fabric -> Fabric Connectors -> Logging and Analytics -> View -> Cloud Logging. In this case, the configuration was already performed correctly in that section, but the status of the connection appeared as 'Unauthorized.' However, in the FortiAnalyzer, there is no device request to be authorized.

 

4. Tried to add the FortiGate device from FortiAnalyzer, Device Manager Menu, and set the name and Serial Number, but the issue persisted; the connection cannot be established.

 

5. The debugged task was enabled for the OFTPD process with the command 'diagnose debug application oftpd 8' and 'diagnose debug enable'; after that, the session negotiation was using TLSv1.3.

 

6. Confirmed configuration for OFTPD session in FortiAnalyzer that was used 'config system global> oftpd-ssl-protocol > tlsv1.2', then it was changed to tlsv1.3 with command 'set oftpd-ssl-protocol > end', and after that, the connection was refreshed in FortiGate settings. It was also confirmed with debugging that the session was initialized, but the device was not UP and could not receive any log.

    

 

7. A Test connectivity was sent from FortiGate to FortiAnalyzer Cloud, and this time the message received on the FortiGate said the device did not have a license for cloud logging.

 

8. It was confirmed again regarding the item availability for the FortiGate in the contract, but the administrator reported the contract was registered in the support site an hour ago.

 

9. FortiGate executed a ping test to the Fortinet server and requested an update of the license items in the device with the command 'execute update-no.'. Then, the connectivity test 'execute log fortianalyzer-cloud test-connectivity' was performed again in FortiGate and confirmed that now the session was established and FortiGate was sending logs to FortiAnalyzer Cloud.

Note:
In some cases, the same error can be seen when the version between FortiGate and FortiAnalyzer is not compatible. For the compatibility matrix, refer to this document, Compatibility Tool.

Related article:

Technical Tip: How to connect FortiGate to FortiAnalyzer Cloud and troubleshoot connectivity issues