mjaiswal
Staff
Article Id 205005
Description

This article describes how to resolve the following error when checking connectivity with FortiAnalyzer:

'failed to get faz's status. invalid error number (0).(0)'.

This error is seen when a certificate is missing on FortiGate.

Scope

FortiGate and FortiAnalyzer.

Solution

Verify that basic connectivity works using ping, traceroute, and telnet.

However, checking connectivity with the analyzer using the command below returns the error:

exec log fortianalyzer test-connectivity
failed to get faz's status. invalid error number (0).(0)


This error is seen when a certificate is missing on FortiGate.

Check the certificates on the FortiGate and make sure the certificate with CN='fortinet-ca2' is present.

If it is not present, try downloading the certificate from the FortiAnalyzer and importing it on FortiGate.

Ensure it is added in external CA.

Once it is added, reset the daemons on FortiAnalyzer and FortiGate using the commands below:

diag test app oftpd 99 <----- FortiAnalyzer.
fnsysctl killall miglogd <----- FortiGate.


Run the following command again to verify connectivity. Output when logs are being sent successfully:

exec log fortianalyzer test-connectivity

FortiAnalyzer Host Name: FAZVM64
FortiGate Device ID: FGT1234567890
Registration: registered
Connection: allow
Disk Space (Used/Allocated): 0/Unlimited MB
Total Free Space: 831949 MB
Log: Tx & Rx (28 logs received since 02:00:18 02/20/18)
IPS Packet Log: Tx & Rx
Content Archive: Tx & Rx
Quarantine: Tx & Rx
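
A small parser for the test-connectivity output shown above, added here as an example (it is not Fortinet code): it separates the certificate-related failure string from a healthy result so the check can be run from a monitoring job after the fix. The names `parse_fields` and `check_faz_status` are hypothetical, the CLI output is assumed to have been captured as text, and the sample outputs are taken from this article.

```python
import re

# Failure string quoted in the article (seen when the CA certificate is missing).
CERT_ERROR = "failed to get faz's status. invalid error number (0).(0)"
# Values from the article's successful sample; anything else is only reported.
HEALTHY = {"Registration": "registered", "Connection": "allow"}


def parse_fields(output):
    """Collect the 'Key: value' lines of the CLI output into a dict."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def check_faz_status(output):
    """Return (state, details): state is 'cert_missing', 'degraded' or 'ok'."""
    if CERT_ERROR in output.lower():
        return "cert_missing", ["verify the fortinet-ca2 CA certificate on FortiGate"]
    fields = parse_fields(output)
    problems = [f"{k}={fields.get(k, '<absent>')}" for k, want in HEALTHY.items()
                if fields.get(k, "").lower() != want]
    log_line = fields.get("Log", "")
    if not log_line.startswith("Tx & Rx"):
        problems.append(f"Log={log_line or '<absent>'}")
    if problems:  # also covers empty or truncated output
        return "degraded", problems
    received = re.search(r"\((\d+) logs received", log_line)
    return "ok", [f"logs_received={received.group(1)}" if received else "logs_received=unknown"]


# Sample outputs copied from the article (OK is shortened to the fields checked).
FAILED = """exec log fortianalyzer test-connectivity
failed to get faz's status. invalid error number (0).(0)
"""
OK = """exec log fortianalyzer test-connectivity

FortiAnalyzer Host Name: FAZVM64
FortiGate Device ID: FGT1234567890
Registration: registered
Connection: allow
Log: Tx & Rx (28 logs received since 02:00:18 02/20/18)
"""

if __name__ == "__main__":
    for name, sample in (("failed", FAILED), ("ok", OK)):
        print(name, check_faz_status(sample))
```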

 

If none of the above suggestions establish connectivity between FortiGate and FortiAnalyzer, a few more steps that can help resolve the problem are listed below. The first block disables FortiGate's verification of the FortiAnalyzer certificate; the second overrides the interface MTU so that it can be reduced.

config log fortianalyzer setting
    set certificate-verification disable
end

config system interface
    edit <name_of_interface>
        set mtu-override enable
        set mtu <value>  <----- The value of the MTU can be reduced.
    next
end

Because each infrastructure is unique, the same solution may not apply to every network. In that case, create a ticket with TAC support to troubleshoot the issue further.