princes
Staff
Article Id 425958
Description This article describes the reason why test connectivity fails on FortiGate with error -19, despite logs being sent to FortiAnalyzer.
Scope FortiGate.
Solution

This issue is triggered when the test connection fails because of an MTU issue on the FortiGate outgoing interface.

If the traffic towards the server (FortiAnalyzer) is routed over a tunnel interface and the MTU has been modified on the WAN interface, this error is shown during the connectivity test, even though the logs are sent properly and are visible on the FortiAnalyzer.

In this kind of setup, modify the MTU on the tunnel interface instead of the WAN interface.

 

execute log fortianalyzer test-connectivity
  Failed to get FAZ's status. Authentication Failed. (-19)

 

get router info routing-table details 10.5.150.8

    Routing table for VRF=0
    Routing entry for 10.5.0.0/16
    Known via "bgp", distance 200, metric 0, best
    Last update 00:01:18 ago
   * vrf 0 10.20.8.1 priority 1 (recursive is directly connected, VPN1)

 

diagnose sniffer packet any "host 10.5.150.80" 4 0 l
  interfaces=[any]
  filters=[host 10.5.150.80]
  2026-01-09 12:47:03.848362 VPN1 out 10.10.55.1.8224 -> 10.5.150.80.514: psh fin 4036127391 ack      
  2026-01-09 12:47:03.918259 VPN1 in 10.5.150.80.514 -> 10.10.55.1.8224: ack 4036120093
  2026-01-09 12:47:04.002449 VPN1 out 10.10.55.1.1146 -> 10.5.150.80.514: syn 1397598845
  2026-01-09 12:47:04.066443 VPN1 in 10.5.150.80.514 -> 10.10.55.1.1146: syn 722587120 ack 1397598846
  2026-01-09 12:47:04.066517 VPN1 out 10.10.55.1.1146 -> 10.5.150.80.514: ack 722587121
  2026-01-09 12:47:04.067240 VPN1 out 10.10.55.1.1146 -> 10.5.150.80.514: psh 1397598846 ack 722587121
  2026-01-09 12:47:04.174711 VPN1 in 10.5.150.80.514 -> 10.10.55.1.1146: ack 1397599243
  2026-01-09 12:47:04.174759 VPN1 in 10.5.150.80.514 -> 10.10.55.1.1146: psh 722587121 ack 1397599243
  2026-01-09 12:47:04.174787 VPN1 out 10.10.55.1.1146 -> 10.5.150.80.514: ack 722587220
  2026-01-09 12:47:04.175788 VPN1 out 10.10.55.1.1146 -> 10.5.150.80.514: psh 1397599243 ack 722587220
  2026-01-09 12:47:04.243150 VPN1 in 10.5.150.80.514 -> 10.10.55.1.1146: 722587220 ack 1397599679
  2026-01-09 12:47:04.243212 VPN1 in 10.5.150.80.514 -> 10.10.55.1.1146: psh 722588580 ack 1397599679
  2026-01-09 12:47:04.243239 VPN1 out 10.10.55.1.1146 -> 10.5.150.80.514: ack 722589940
  2026-01-09 12:47:04.243366 VPN1 in 10.5.150.80.514 -> 10.10.55.1.1146: 722589940 ack 1397599679
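
The following is an added example, not part of the original article or Fortinet tooling: it estimates TCP segment sizes from a verbosity-4 sniffer capture like the one above by differencing consecutive sequence numbers per direction, then lists packets that would not fit a candidate tunnel MTU. The function names and the 40-byte IPv4+TCP header allowance (no TCP options) are assumptions.

```python
import re
from collections import defaultdict

# Sample input: data-bearing lines from this article's capture
# (peer address written as in the sniffer filter, 10.5.150.80).
CAPTURE = """\
2026-01-09 12:47:04.067240 VPN1 out 10.10.55.1.1146 -> 10.5.150.80.514: psh 1397598846 ack 722587121
2026-01-09 12:47:04.174759 VPN1 in 10.5.150.80.514 -> 10.10.55.1.1146: psh 722587121 ack 1397599243
2026-01-09 12:47:04.175788 VPN1 out 10.10.55.1.1146 -> 10.5.150.80.514: psh 1397599243 ack 722587220
2026-01-09 12:47:04.243150 VPN1 in 10.5.150.80.514 -> 10.10.55.1.1146: 722587220 ack 1397599679
2026-01-09 12:47:04.243212 VPN1 in 10.5.150.80.514 -> 10.10.55.1.1146: psh 722588580 ack 1397599679
2026-01-09 12:47:04.243366 VPN1 in 10.5.150.80.514 -> 10.10.55.1.1146: 722589940 ack 1397599679
"""

# <date> <time> <interface> <in|out> <src> -> <dst>: [flags] <seq> ack <ack>
LINE = re.compile(r"^\S+ \S+ \S+ (?:in|out) (?P<src>\S+) -> (?P<dst>\S+): "
                  r"(?P<flags>(?:[a-z]+ )*)(?P<seq>\d+) ack \d+\s*$")
IP_TCP_HEADERS = 40  # assumption: IPv4 (20) + TCP (20), no TCP options


def segment_sizes(capture):
    """Return {(src, dst): [payload sizes]} from consecutive sequence numbers."""
    last_seq, sizes = {}, defaultdict(list)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m or "syn" in m["flags"]:
            continue  # pure ACKs, SYNs and truncated lines give no data seq
        flow, seq = (m["src"], m["dst"]), int(m["seq"])
        if flow in last_seq:
            delta = (seq - last_seq[flow]) % 2**32  # tolerate 32-bit wraparound
            if 0 < delta <= 65535:  # skip retransmits and reordered segments
                sizes[flow].append(delta)
        last_seq[flow] = seq
    return dict(sizes)


def oversized(capture, mtu):
    """List (flow, ip_packet_len) for segments that would not fit in `mtu`."""
    return [(flow, n + IP_TCP_HEADERS)
            for flow, lens in segment_sizes(capture).items()
            for n in lens if n + IP_TCP_HEADERS > mtu]


if __name__ == "__main__":
    for flow, length in oversized(CAPTURE, 1300):
        print(f"{flow[0]} -> {flow[1]}: {length}-byte IP packet exceeds MTU 1300")
```

The size of the last segment in each direction is not reported because no later sequence number is available to difference against.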

 

After modifying the MTU value on the tunnel interface, the test was successful without any error:

 

config system interface
    edit VPN1
        set mtu-override enable
        set mtu 1300
end

 

execute log fortianalyzer test-connectivity
   FortiAnalyzer Host Name: BESCOM_HSR_DC_FortiAnalyzer
   FortiAnalyzer Adom Name: root
   FortiGate Device ID: FGT40FTK2109BCU9
   Registration: registered
   Connection: allow
   Adom Disk Space (Used/Allocated): 6362587373229B/10995116277760B
   Analytics Usage (Used/Allocated): 3394147053416B/7696581394432B
   Analytics Usage (Data Policy Days Actual/Configured): 60/60 Days
   Archive Usage (Used/Allocated): 2968440319813B/3298534883328B
   Archive Usage (Data Policy Days Actual/Configured): 230/365 Days
   Log: Tx & Rx (16 logs received since 12:49:15 01/09/26)
   IPS Packet Log: Tx & Rx
   Content Archive: Tx & Rx
   Quarantine: Tx & Rx

 

Related article: 

Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity