Description
This article describes how a FortiGate can reach FortiAnalyzer over an IPsec tunnel by specifying the tunnel name in the FortiAnalyzer log setting.
Scope
FortiGate.
Solution
In the FortiAnalyzer log setting, the outgoing interface can be selected using one of three methods:
auto <----- Set outgoing interface automatically.
sdwan <----- Set outgoing interface by SD-WAN or policy routing rules.
specify <----- Set outgoing interface manually.
The reliable way to get connectivity over an IPsec tunnel is to manually specify the tunnel interface as the outgoing interface. When using this method, it is recommended to assign an IP address to the IPsec tunnel interface and include that IP address in the phase2 selectors.
This configuration is only supported in the CLI.
- Enter the FortiAnalyzer log setting using the command below:
tau-kvm28 # config log fortianalyzer setting
- Enable FortiAnalyzer logging using the command below:
tau-kvm28 (setting) # set status enable
tau-kvm28 (setting) # show full
config log fortianalyzer setting
    set status enable
    set ips-archive enable
    set server ''
    set certificate-verification enable
    set preshared-key ''
    set access-config enable
    set enc-algorithm high
    set ssl-min-proto-version default
    set conn-timeout 10
    set monitor-keepalive-period 5
    set monitor-failure-retry-period 5
    set certificate ''
    set source-ip ''
    set interface-select-method specify
    set interface '' <----- Mention the tunnel interface name.
    set upload-option 5-minute
    set reliable disable
    set priority default
    set max-log-rate 0
end
tau-kvm28 (setting) #
It is also possible to set source-ip as described in this article: Technical Tip: How to send FortiGate logs to the F... - Fortinet Community
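The following is an added example, not taken from the original article or from Fortinet's own configuration. It puts the pieces described above together: an IP address on the tunnel interface, that address in the phase2 selectors, and the log setting bound to the tunnel, with the optional source-ip. The tunnel name to-FAZ, the phase2 name to-FAZ-p2 and all addresses are constructed placeholders, and the text after <----- is annotation, not part of the command.

```fortios
config system interface
    edit "to-FAZ" <----- Hypothetical IPsec tunnel (phase1) interface name.
        set ip 10.255.0.1 255.255.255.255 <----- Constructed local tunnel IP.
        set remote-ip 10.255.0.2 255.255.255.255 <----- Constructed remote tunnel IP.
    next
end

config vpn ipsec phase2-interface
    edit "to-FAZ-p2" <----- Hypothetical phase2 name.
        set phase1name "to-FAZ"
        set src-subnet 10.255.0.1 255.255.255.255 <----- Selector covers the tunnel interface IP.
        set dst-subnet 192.0.2.10 255.255.255.255 <----- Constructed FortiAnalyzer address.
    next
end

config log fortianalyzer setting
    set status enable
    set server "192.0.2.10" <----- Constructed FortiAnalyzer address.
    set source-ip "10.255.0.1" <----- Optional; matches the phase2 source selector.
    set interface-select-method specify
    set interface "to-FAZ" <----- Logs leave through the tunnel interface.
end
```

If the source address of the log traffic falls outside the phase2 selectors, the traffic does not match the tunnel, so the selector must cover the address the FortiGate uses to reach FortiAnalyzer.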
Related article:
Technical Tip: FortiAnalyzer connectivity with For... - Fortinet Community