Description |
This article describes the situation when the FortiGate and FortiAnalyzer connectivity test fails. |
Scope | FortiGate. |
Solution |
exec log fortianalyzer test-connectivity
If the output is the below error then take the sniffers:
Failed to get FAZ's status. SSL error. (-3)
Take the sniffers for the FortiAnalyzer IP and check the connection.
Capture shows that FortiAnalyzer sending RST back to FortiGate:
66.345323 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: syn 1195392681 66.345952 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: syn 1231566839 ack 1195392682 66.346003 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: ack 1231566840 66.346728 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: psh 1195392682 ack 1231566840 66.346857 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: psh 1231566840 ack 1195392682 66.346885 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: ack 1231567207 66.346990 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: ack 1195392843 66.347044 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: psh 1195392843 ack 1231567207 66.347382 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: ack 1195392850 67.349171 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: rst 1231567207 ack 1195392850 <----- FortiAnalyzer sending RST.
Check the FortiAnalyzer settings on the FortiGate by using the below command:
get log fortianalyzer setting status: enable ips-archive: enable server: 10.34.199.143 enc-algorithm: high conn-timeout: 10 monitor-keepalive-period: 5 monitor-failure-retry-period: 5 certificate : source-ip : upload-option : 5-minute <----- Upload logs every 5 minutes. reliable: disable <----- Logs are sent over UDP.
Note. Remote FortiAnalyzer logging over UDP if reliable is disabled and TCP if reliable.
System -> Certificates.
On FortiAnalyzer: Go under System setting -> Certificates.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.