Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hrahuman_FTNT
Staff
Staff

Created on ‎01-29-2018 12:36 AM Edited on ‎03-01-2024 02:04 AM By Community Manager

Article Id 197972

Technical Tip: Sending messages (logs, SNMP, RADIUS) directly from the HA management interface

Description

 

This article describes that when HA-direct is enabled, FortiGate uses the HA management interface to send log messages to FortiAnalyzer and remote syslog servers, sending SNMP traps, access to remote authentication servers (for example, RADIUS, LDAP), and connecting to  FortiSandbox, or FortiCloud.


Scope

 

FortiGate: logging, management interface.


Solution

 

Once the HA management interface has been configured, enable HA-direct globally:
 
config system ha
set ha-direct enable
end
 

In many cases, HA-direct can also be enabled only for appropriate features, such as SNMP or an LDAP server configuration. For example, in SNMPv3:

 

config system snmp user
    edit snmpv3-user
        set ha-direct enable
    next
end
 
 

Note:

This setting alters the traffic flow. Enabling it may cause timeouts to occur due to an unresponsive FortiGate. This occurs because the response to a request is sent on a different interface where the packet may not be routed back to the requester, resulting in a request timeout.

21806
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.