Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
VinayHM
Staff
Staff

Created on ‎09-18-2024 02:29 AM

Article Id 342090

Technical Tip: FortiGate and FortiAnalyzer not connected

Description This article describes how to fix the issue when FortiGate and FortiAnalyzer are unable to connect.
Scope FortiGate, FortiAnalyzer.
Solution

While adding the FortiAnalyzer to FortiGate, they will not connect.

After checking the SSL handshake neither FortiGate nor FortiAnalyzer support some of the chiper suites.

Below is the image showing tLS version errors.

 

fazerror.png

 

For FortiAnalyzer, the TLS versions and the encryption algorithm are controlled using the following commands:

 

config log fortianalyzer setting
    set enc-algorithm {high-medium | high* | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
end

 

Commands to check connectivity.

Using the sniffer command on the FortiGate and the FortiAnalyzer.
On the FortiGate CLI:

 

diag sniffer packet any 'host x.x.x.x and port 514' 6 0 l

diag debug reset

diag debug app fgtlog 255(since 7.2)

diag debug app miglogd 255

diag debug enable 

 

x.x.x.x is the IP address of the FortiAnalyzer.

On the FortiAnalyzer CLI:

 

diag sniffer packet any 'host y.y.y.y and port 514' 3 0 l 

 

y.y.y.y is the IP address of the FortiGate.
756
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.