Fail to send FortiClient logging to Forti...

FortiClient

FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.

Article Id 382702

Description

This article describes what to check when failing to send FortiClient logging to FortiAnalyzer-Cloud.

Scope

EMS v7.2.x.

Solution

To ensure FortiClient can send the logging to FortiAnalyzer Cloud:

Allow the connection for port TCP/514.

Sample Topology:

Endpoint FortiClient -------> Firewall------> FortiAnalyzer Cloud (xxxxxx.xxxxxx.fortianalyzer.forticloud.com) Tcp/514

Sample setting in endpoint profile:

Related document:

Required services and ports

The FortiAnalyzer Cloud requires an additional license with minimum SKU FC1-10-AZCLD-463-01-DD to enable FortiAnalyzer-Cloud to receive logs from FortiClient.

Related documents:

Logging support and daily log limits

Logging to FortiAnalyzer Cloud

Contributors

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Troubleshooting Tip: Fail to send FortiClient logging to FortiAnalyzer-Cloud

You are leaving our website