DescriptionThis article describes FortiAnalyzer connectivity with FortiGate via IPsec tunnel which can be achieved by specifing the tunnel name in FortiAnalyzer log setting.SolutionIn the FortiAnalyzer log setting, it is possible to specify outgoing interface via 3 methods.
auto <----- Set outgoing interface automatically.
sdwan <----- Set outgoing interface by SD-WAN or policy routing rules.
specify <----- Set outgoing interface manually.
The reliable method to have connectivity via IPsec Tunnel can be acheived by specifying outgoing interface as tunnel interface manually.
This Configuration is only supported from CLI.
1): Go to Forti-analyze setting using below command:
tau-kvm28 # config log fortianalyzer setting
2) Enable Forti-analyzer logs using below command:
tau-kvm28 (setting) # set status enable
tau-kvm28 (setting) # show full
# config log fortianalyzer setting
set status enable
set ips-archive enable
set server ''
set certificate-verification enable
set preshared-key ''
set access-config enable
set enc-algorithm high
set ssl-min-proto-version default
set conn-timeout 10
set monitor-keepalive-period 5
set monitor-failure-retry-period 5
set certificate ''
set source-ip ''
set interface-select-method <----- Mention the tunnel interface name.
set upload-option 5-minute
set reliable disable
set priority default
set max-log-rate 0
end
tau-kvm28 (setting) #
