syadav
Staff
Article Id 361711
Description

This article describes a known issue users might face with the FortiGate’s connection to the FortiAnalyzer. FortiGate stores the serial number of the FortiAnalyzer in a cached list along with timestamps. These timestamps are used to check the expiration of the serial number entries.  

Scope

FortiGate v7.6.0 or earlier.

Solution

Use the command below to check the serial number:

diagnose test app fgtlogd 1

**output-omitted**
fortilog:
faz: global , enabled
        server=A.B.C.D, alt-server=, active-server=A.B.C.D, realtime=1, ssl=3, state=connected
        server_log_status=Log is allowed.,
        src=, mgmt_name=FGh_Log_root_A.B.C.D, reliable=1, sni_prefix_type=none,
        required_entitlement=none, region=ca-west-1,
        logsync_enabled:1, logsync_conn_id:65535, seq_no:21746
        disconnect_jiffies:0
                status: ver=7, used_disk=0, total_disk=0, global=0, vfid=0 conn_verified=Y
                SNs: last sn update:46 seconds ago.
                        Sn list:
                        (FAZAAABBBCCCDDDD,age=46s)
                queue: qlen=0.
**output-omitted**

Because of the known issue, the FortiAnalyzer’s serial number entry expires in the cached list. The expiry in turn deletes the serial number from the FortiGate’s configuration and disconnects the FortiAnalyzer.

The configuration below shows the setting when the FortiAnalyzer is connected:

config log fortianalyzer setting
    set status enable
    set server "A.B.C.D"
    set serial "FAZAAABBBCCCDDDD"
    set upload-option realtime
    set reliable enable
end

The serial number is missing from the configuration below, as the FortiAnalyzer disconnects:

config log fortianalyzer setting
    set status enable
    set server "A.B.C.D"
    set upload-option realtime
    set reliable enable
end

This behavior occurs because of the known issues #1083537 and #1088385, which have been resolved in v7.6.1.

Check: FortiOS 7.6.1 Resolved Issues
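An added example, not part of the original article or of any Fortinet tooling: a Python check that flags the symptom described above in a saved configuration backup and reads the cached serial list from saved output of diagnose test app fgtlogd 1. The sample inputs are constructed from the outputs shown in this article, the function names are hypothetical, and the age=<n>s format is assumed to match what is shown here.

```python
import re

# Constructed samples modelled on the outputs shown in this article.
CONFIG_OK = '''config log fortianalyzer setting
    set status enable
    set server "A.B.C.D"
    set serial "FAZAAABBBCCCDDDD"
    set upload-option realtime
    set reliable enable
end
'''
CONFIG_BAD = CONFIG_OK.replace('    set serial "FAZAAABBBCCCDDDD"\n', '')
DIAG = '''faz: global , enabled
        server=A.B.C.D, alt-server=, active-server=A.B.C.D, realtime=1, ssl=3, state=connected
                SNs: last sn update:46 seconds ago.
                        Sn list:
                        (FAZAAABBBCCCDDDD,age=46s)
'''

def faz_settings(config_text):
    """Return {option: [values]} from the 'config log fortianalyzer setting' block."""
    settings, inside = {}, False
    for line in config_text.splitlines():
        words = line.strip().split()
        if words[:4] == ["config", "log", "fortianalyzer", "setting"]:
            inside = True
        elif inside and words == ["end"]:
            break
        elif inside and len(words) >= 3 and words[0] == "set":
            settings[words[1]] = [w.strip('"') for w in words[2:]]
    return settings

def serial_missing(config_text):
    """True when FortiAnalyzer logging is enabled with a server but no serial is stored."""
    s = faz_settings(config_text)
    return s.get("status") == ["enable"] and "server" in s and "serial" not in s

def cached_serials(diag_text):
    """Return [(serial, age_seconds)] from the Sn list (assumes the 'age=<n>s' form)."""
    return [(sn, int(age)) for sn, age in re.findall(r"\((\w+),age=(\d+)s\)", diag_text)]

def connection_state(diag_text):
    """Return the value of 'state=' from the faz section, or None if absent."""
    m = re.search(r"\bstate=(\w+)", diag_text)
    return m.group(1) if m else None

if __name__ == "__main__":
    print(serial_missing(CONFIG_OK), serial_missing(CONFIG_BAD))
    print(cached_serials(DIAG), connection_state(DIAG))
```

Running serial_missing over scheduled configuration backups gives an early signal that log forwarding to the FortiAnalyzer has stopped on an affected version.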

 

Logs required by FortiGate TAC for investigation:

  • CLI outputs of the commands below:

diagnose debug app fgtlogd -1
diagnose debug cli 8
diagnose debug console timestamp enable
diagnose debug enable

  • FortiCare debug report or TAC report:

execute tac report

  • Configuration file of the FortiGate.

Workaround:

  1. Accept the FortiAnalyzer certificate again from the GUI under Security Fabric -> Fabric Connector -> Logging & Analytics.
  2. Configure an automation stitch to add the FortiAnalyzer serial number to the configuration.