Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nkojha
Staff
Staff

Created on ‎12-17-2019 07:41 AM Edited on ‎07-12-2025 08:51 AM By Staff

Article Id 191694

Technical Tip: Sending logs to FortiCloud

Description


This article describes how to send logs to FortiCloud.

 

Scope

 

FortiGate.

Solution


Activate FortiCloud under System -> FortiGuard, and under FortiGate Cloud select 'Activate'.

Registered Email will be pre-filled, fill empty fields and enable 'Send logs to Fortigate Cloud', select the Domain/Region (Global, US, Europe), then select 'OK'.
 
 
Go to Log and Report -> Log Settings, enable Cloud Logging, select FortiGate Cloud as 'Type', then select 'Apply'.
 

 

For v7.2.x and above, go to Security Fabric -> Fabric Connector -> Logging & Analytics -> Cloud logging -> FortiGate Cloud

 

forticloud 2.PNG

 

Also, in case of multiple ISPs or SD-WAN connection source IP and interface may be required to add.

 

config log fortiguard setting

    set status enable

    set access-config enable

    set ssl-min-proto-version default

    set source-ip 0.0.0.0  <-- It should be one of the WAN interface IP.

    set interface-select-method auto [auto|sdwan|specify] <----- With 'specify', it is necessary to add 'set interface WAN_INTERFAC_PORT_Number'.

    set upload-option realtime

    set priority default

    set max-log-rate 0

    set enc-algorithm high

    set conn-timeout 10

end

 

Note:

If there is an upstream firewall, the following ports need to be allowed for the FortiGate Cloud connection to work properly.

Refer to Outgoing Ports.

 

  1. TCP/443 for Registration, Quarantine, Log and report, Syslog, and Contract Validation.
  2. TCP/514 for OFTP.
  3. TCP/541 for Management.

 

If the Forward Traffic log is not seen on FortiCloud, make sure Log Allowed Traffic is set to 'All sessions' instead of 'Security Events' under the firewall policy config. An empty Forward Traffic log will also result in an empty FortiView dashboard when data is retrieved from FortiCloud.

Screenshot 2025-03-19 164918.png

 

If all the above settings are checked and still not receiving the logs on the Cloud, make sure that FortiGate is running the latest firmware if using Free Subscription with FortiGate Cloud. 

 

Starting February 28, 2025, a FortiGate without an active FortiGate Cloud subscription is required to upgrade to the latest firmware patch within 7 days of a new GA patch release, or FortiGate Cloud services will be paused for that device.

This will affect the cloud retention service, where logs will not be forwarded to FortiCloud until the device is updated to the latest firmware patch if using a Free FortiGate Cloud account: Technical Tip: Security enforcement change for FortiGates provisioned to FortiGate Cloud without act... 

 

A possible issue if the logging is not working due to a known issue ID 1045253. This issue causes the FortiGate logs not to be transferred to the FortiGate Cloud Log server. It is fixed on versions v7.2.11, v7.4.8, or v7.6.1, or above.


Related articles:

Troubleshooting Tip: FortiGate not sending logs to FortiCloud 

Technical Note: Logs not displayed because of corrupted flash memory

Troubleshooting Tip: FortiGate log uploads blocked to FortiGate Cloud

Technical Tip: How to check whether a FortiGate has a paid FortiGate Cloud Service Subscription 

13499
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.