| Description | This article describes how to connect FortiDDoS to FortiAnalyzer and troubleshoot connectivity issues. |
| Scope | FortiDDoS, FortiAnalyzer. |

Solution
Section 1: FortiDDoS and FortiAnalyzer firmware compatibility.
As a general rule, FortiAnalyzer must run a firmware release that is compatible with FortiDDoS.
Note: For more detail, see the 'Compatibility with FortiDDoS' document for FortiAnalyzer: FortiDDoS
For the lab example, FortiAnalyzer v7.2.0 and FortiDDoS v6.6.3 have been used.
FortiAnalyzer v7.4.6:
FortiDDoS v7.0.3:
Section 2: Verify FortiAnalyzer configuration on the FortiDDoS.
From FortiAnalyzer, test the connectivity to FortiDDoS (FortiDDoS's IP in the lab: 192.168.91.55).
Configure FortiAnalyzer in FortiDDoS:
Go to FortiAnalyzer and authorize the FortiDDoS: the FortiDDoS needs to appear in FortiAnalyzer as FortiDDoS, not Syslog.
diag debug application oftpd 255 <FortiDDos_Name>
diag debug enable
[T19130:oftps.c:301] SSLv3/TLS read client hello
[T19130:oftps.c:301] SSLv3/TLS write server hello
[T19130:oftps.c:301] SSLv3/TLS write change cipher spec
[T19130:oftps.c:301] TLSv1.3 write encrypted extensions
[T19130:oftps.c:301] SSLv3/TLS write certificate request
[T19130:oftps.c:301] SSLv3/TLS write certificate
[T19130:oftps.c:301] TLSv1.3 write server certificate verify
[T19130:oftps.c:301] SSLv3/TLS write finished
[T19130:oftps.c:301] TLSv1.3 early data
[T4418:oftps.c:301] TLSv1.3 early data
[T4418:oftps.c:549] VERIFY OK: depth=1, /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortin
[T4418:oftps.c:549] VERIFY OK: depth=0, /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiDDOS/CN=FortiDDoSVM/emailAddress=support@fortinet.com
[T4418:oftps.c:301] SSLv3/TLS read client certificate
[T4418:oftps.c:301] SSLv3/TLS read certificate verify
[T4418:oftps.c:301] SSLv3/TLS read finished
[T4418:oftps.c:301] SSLv3/TLS write session ticket
[T4418:oftps.c:301] SSLv3/TLS write session ticket
[T4418:oftps.c:1561 :10.47.48.116] ssl verify peer cert
[T4418:oftps.c:1583 :10.47.48.116] Peer cert info, organizationName(o=Fortinet).
[T4418:oftps.c:1586 :10.47.48.116] Peer cert info, CommonName(CN=FortiDDoSVM).
[T4418:oftps.c:1847 :10.47.48.116] SSL_accept one client SUCCESS [ protocol : (772) TLS 1.3 ]
[T4418:oftps.c:1879 :10.47.48.116] SSL socket[28] pid[1583] ssl[0x7f276802ea10] SSL_accepted
[T4413:oftps.c:1937 :10.47.48.116] SSL socket[28] pid[1583] ssl[0x7f276802ea10] received [206] bytes:
[T4413:main.c:4755 :10.47.48.116] handle LOGIN_REQUEST_LEGACY
[T4416:login.c:3379 :10.47.48.116] host = 'FIVM04TM240XXXXXX'
[T4416:login.c:3424 :10.47.48.116] Version: FortiDDoS-VM v7.0.3,build0740,240926 (Interim)
[T4416:login.c:344 :10.47.48.116] os_type(11) os_ver(7) mr(0) patch(3) build(740) beta(-1)
[T4416:login.c:3384 :10.47.48.116] vdom = 1
[T4416:oftps.c:2003 FIVM04TM24000253:10.47.48.116] SSL socket[28] pid[1583] ssl[0x7f276802ea10] sent [50] bytes:
[T4416:main.c:4554 FIVM04TM24000253:10.47.48.116] LOGIN_REQUEST_LEGACY error: [handle_login_legacy():3920] device added as unregistered

Section 3: Verify FortiDDoS and FortiAnalyzer connectivity.
Create a test NTP profile and delete it on FortiDDoS to generate logs for FortiAnalyzer:
Capture logs: Run on the FortiAnalyzer CLI:
diag sniffer packet any ' port 514 and host 192.168.91.55' 3
Run on the FortiDDoS CLI:
diag sniffer packet any ' port 514 ' 3
Create a test NTP profile (NTP Profile) and delete it on the FortiDDoS.
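The oftpd debug output in Section 2 can be read mechanically when many devices connect at once. The Python below is an added example, not Fortinet code: it groups debug lines by peer IP and reports the TLS version, certificate CN, firmware string and whether the login ended as unregistered. The function name `summarize`, the field names and the sample (a constructed subset of the lines shown in Section 2) are assumptions of this example.

```python
import re

# Constructed sample: a subset of the oftpd debug lines shown in Section 2.
SAMPLE = """\
[T4418:oftps.c:549] VERIFY OK: depth=0, /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiDDOS/CN=FortiDDoSVM/emailAddress=support@fortinet.com
[T4418:oftps.c:1583 :10.47.48.116] Peer cert info, organizationName(o=Fortinet).
[T4418:oftps.c:1586 :10.47.48.116] Peer cert info, CommonName(CN=FortiDDoSVM).
[T4418:oftps.c:1847 :10.47.48.116] SSL_accept one client SUCCESS [ protocol : (772) TLS 1.3 ]
[T4416:login.c:3424 :10.47.48.116] Version: FortiDDoS-VM v7.0.3,build0740,240926 (Interim)
[T4416:main.c:4554 FIVM04TM24000253:10.47.48.116] LOGIN_REQUEST_LEGACY error: [handle_login_legacy():3920] device added as unregistered
"""

# Line prefix: [T<thread>:<file>:<line> <optional serial>:<peer ip>] message
LINE = re.compile(
    r"^\[T\d+:[\w.]+:\d+(?: (?P<serial>\w*):(?P<ip>[\d.]+))?\] (?P<msg>.*)$")
TLS = re.compile(r"SSL_accept one client SUCCESS \[ protocol : \(\d+\) ([^\]]+?) \]")
CN = re.compile(r"CommonName\(CN=([^)]+)\)")


def summarize(text):
    """Group oftpd debug lines by peer IP and record what each session reached."""
    peers = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m["ip"]:
            continue  # lines without a peer address cannot be attributed
        p = peers.setdefault(m["ip"], {"serial": None, "cn": None, "tls": None,
                                       "version": None, "state": "no login result seen"})
        if m["serial"]:
            p["serial"] = m["serial"]
        msg = m["msg"]
        if (hit := CN.search(msg)):
            p["cn"] = hit[1]
        elif (hit := TLS.search(msg)):
            p["tls"] = hit[1]
        elif msg.startswith("Version: "):
            p["version"] = msg[len("Version: "):]
        elif "device added as unregistered" in msg:
            # TLS and certificate checks passed; the device still needs authorizing.
            p["state"] = "unregistered: authorize the device on FortiAnalyzer"
    return peers


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

A peer that shows a TLS version and certificate CN but ends in the unregistered state has working connectivity and is waiting for the authorization step described in Section 2.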