Description | This article describes how to decode a TLS handshake between FortiGate and FortiAnalyzer using Wireshark. |
Scope | FortiAnalyzer, FortiGate, Wireshark. |
Solution |
FortiGate can form a Security Fabric connection with FortiAnalyzer using port 514 (SYSLOG). In some cases, a TLS handshake is required to verify the authenticity of both devices before the connection forms. However, when the packet capture is opened in Wireshark, the TLS handshake is not visible by default.
To change this, adjust the Wireshark settings as shown below: |
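Independently of the Wireshark settings, a payload captured on TCP port 514 can be confirmed as TLS from its record headers alone. The following Python is an added example, not part of the original article; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types and handshake message types (RFC 5246 / RFC 8446).
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request",
             14: "server_hello_done", 16: "client_key_exchange"}

def handshake_messages(body: bytes):
    """Name the handshake messages packed into one handshake record body."""
    names, off = [], 0
    while off + 4 <= len(body):
        mtype, mlen = body[off], int.from_bytes(body[off + 1:off + 4], "big")
        if mtype not in HANDSHAKE or off + 4 + mlen > len(body):
            names.append("encrypted_or_fragmented")  # e.g. Finished after ChangeCipherSpec
            break
        names.append(HANDSHAKE[mtype])
        off += 4 + mlen
    return names

def parse_tls_records(payload: bytes):
    """Walk TLS records in a reassembled TCP payload, whatever port it was seen on.
    Returns [(content_type, record_version, [handshake names])]; ValueError if not TLS."""
    records, off = [], 0
    while off < len(payload):
        if len(payload) - off < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, off)
        if ctype not in CONTENT or major != 3 or minor > 4 or length > 2**14 + 2048:
            raise ValueError(f"not a TLS record at offset {off}")
        body = payload[off + 5:off + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record body")
        names = handshake_messages(body) if ctype == 22 else []
        records.append((CONTENT[ctype], f"3.{minor}", names))
        off += 5 + length
    return records

def record(ctype, minor, body):  # helper that builds the constructed samples below
    return struct.pack("!BBBH", ctype, 3, minor, len(body)) + body

# Constructed samples: headers are well-formed, bodies are placeholder bytes (not a real capture).
CLIENT_FLIGHT = record(22, 1, b"\x01\x00\x00\x04" + b"\x03\x03\x00\x00")
SERVER_FLIGHT = record(22, 3, b"\x02\x00\x00\x02\x03\x03" + b"\x0e\x00\x00\x00") + record(20, 3, b"\x01")
PLAIN_SYSLOG = b"<134>constructed plaintext syslog line\n"

if __name__ == "__main__":
    for name, data in [("client", CLIENT_FLIGHT), ("server", SERVER_FLIGHT)]:
        print(name, parse_tls_records(data))
```

A `ValueError` on the first bytes of a port 514 stream indicates the payload is not TLS records, as with the plaintext sample.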