Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Anthony_E
Community Manager
Community Manager

Created on ‎10-27-2021 06:26 AM Edited on ‎07-22-2025 11:13 PM

Article Id 192468

Technical Tip: FortiGate connectivity with FortiAnalyzer via IPsec tunnel

Description


This article describes FortiAnalyzer connectivity with FortiGate via IPsec tunnel which can be achieved by specifying the tunnel name in FortiAnalyzer log setting.

 

Scope

 

FortiGate.

 

Solution

 

In the FortiAnalyzer log setting, it is possible to specify the outgoing interface via 3 methods.
 
auto    <----- Set outgoing interface automatically.
sdwan   <----- Set outgoing interface by SD-WAN or policy routing rules.
specify <----- Set outgoing interface manually.
 
The reliable method to have connectivity via IPsec Tunnel can be achieved by specifying outgoing interface as tunnel interface manually. When using this method, it is recommended to assign an IP address to the IPsec tunnel interface and include that IP address in the phase2 selectors. 
 
This Configuration is only supported by CLI.
 
  1.  To Forti-analyze setting using below command:
 
tau-kvm28 # config log fortianalyzer setting 
 
  1. Enable FortiAnalyzer logs using the below command:

 

tau-kvm28 (setting) # set status enable  

tau-kvm28 (setting) # show full

config log fortianalyzer setting
    set status enable
    set ips-archive enable
    set server ''
    set certificate-verification enable
    set preshared-key ''
    set access-config enable
    set enc-algorithm high
    set ssl-min-proto-version default
    set conn-timeout 10
    set monitor-keepalive-period 5
    set monitor-failure-retry-period 5
    set certificate ''
    set source-ip ''
    set interface-select-method specify
    set interface ''                    <----- Mention the tunnel interface name.
    set upload-option 5-minute
    set reliable disable
    set priority default
    set max-log-rate 0
end
tau-kvm28 (setting) #


Or it is also possible to set source-ip instead of defining the interface, as shown below:

 

config log fortianalyzer setting
    set source-ip x.x.x.x 
end

 

The source IP should be the IP of one of the internal interfaces of FortiGate and be allowed in the IPSec phase 2 selector of the tunnel that connects to the FortiAnalyzer.


Related articles

Technical Tip: FortiAnalyzer connectivity with FortiGate using SD-WAN

Technical Tip: How to control/change the FortiGate source IP for self-generated traffic

2582
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.