FortiGate
nkojha
Staff
Article Id 191694

Description


This article describes how to send logs to FortiCloud.

 

Scope

 

FortiGate.

Solution

 

The FortiCloud server can be used as a redundant backup or the primary logging solution. The following assumes that this service has already been registered, and a subscription has been purchased for expanded space.
Activate FortiCloud under System -> FortiGuard, and under FortiGate Cloud select 'Activate'.

The registered email will be pre-filled. Fill in the empty fields, enable 'Send logs to Fortigate Cloud', select the Domain/Region (Global, US, Europe), then select 'OK'.
 
 
Go to Log and Report -> Log Settings, enable Cloud Logging, select FortiGate Cloud as 'Type', then select 'Apply'.
 

 

For v7.2.x and above, go to Security Fabric -> Fabric Connector -> Logging & Analytics -> Cloud logging -> FortiGate Cloud

 


 

Also, with multiple ISPs or an SD-WAN connection, it may be necessary to set the source IP and interface.

 

config log fortiguard setting
    set status enable
    set access-config enable
    set ssl-min-proto-version default
    set source-ip 0.0.0.0  <-- It should be one of the WAN interface IPs.
    set interface-select-method auto  <-- Options: [auto|sdwan|specify]. With 'specify', it is necessary to add 'set interface WAN_INTERFACE_PORT_Number'.
    set upload-option realtime
    set priority default
    set max-log-rate 0
    set enc-algorithm high
    set conn-timeout 10
end

 

Note:

If there is an upstream firewall, the following ports need to be allowed for the FortiGate Cloud connection to work properly.

Refer to Outgoing Ports.

 

  1. TCP/443 for Registration, Quarantine, Log and report, Syslog, and Contract Validation.
  2. TCP/514 for OFTP.
  3. TCP/541 for Management.

 

If the Forward Traffic log is not seen on FortiCloud, make sure Log Allowed Traffic is set to 'All sessions' instead of 'Security Events' under the firewall policy config. An empty Forward Traffic log will also result in an empty FortiView dashboard when data is retrieved from FortiCloud.
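An offline check of a saved configuration for the settings described above, as an added example that is not part of the original article or of any Fortinet tool. The sample configuration is constructed; the helper names, the `wan_ips` parameter, and the use of the policy CLI form `set logtraffic all` for 'All sessions' are assumptions of this example.

```python
import re

# Constructed sample resembling a FortiGate config backup (not from the article).
SAMPLE = """\
config log fortiguard setting
    set status enable
    set source-ip 203.0.113.10
    set interface-select-method specify
end
config firewall policy
    edit 1
        set action accept
        set logtraffic all
    next
    edit 2
        set action accept
    next
end
"""

def section(config, header):
    """Text between 'config <header>' and its closing 'end' at column 0."""
    pat = rf"^config {re.escape(header)}[ \t]*$(.*?)^end[ \t]*$"
    m = re.search(pat, config, re.M | re.S)
    return m.group(1) if m else ""

def parse_sets(block):
    """Map each 'set <key> <value>' line to key -> first value token."""
    return dict(re.findall(r"^[ \t]*set[ \t]+(\S+)[ \t]+(\S+)", block, re.M))

def audit(config, wan_ips=()):
    """Return findings for the logging checks the article lists."""
    findings = []
    log = parse_sets(section(config, "log fortiguard setting"))
    if log.get("status") != "enable":
        findings.append("cloud logging: status is not enable")
    if log.get("interface-select-method") == "specify" and "interface" not in log:
        findings.append("cloud logging: 'specify' without 'set interface'")
    src = log.get("source-ip", "0.0.0.0")
    if src != "0.0.0.0" and wan_ips and src not in wan_ips:
        findings.append(f"cloud logging: source-ip {src} is not a WAN IP")
    for pid, body in re.findall(r"^[ \t]*edit (\d+)[ \t]*$(.*?)^[ \t]*next[ \t]*$",
                                section(config, "firewall policy"), re.M | re.S):
        pol = parse_sets(body)  # assumption: no logtraffic line means not 'all'
        if pol.get("action") == "accept" and pol.get("logtraffic") != "all":
            findings.append(f"policy {pid}: logtraffic is not all")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, wan_ips=("198.51.100.2",))))
```

Pass the WAN interface addresses of the unit as `wan_ips`; with an empty tuple the source-ip check is skipped.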


 

If all the above settings have been checked and logs are still not received on the Cloud, make sure that the FortiGate is running the latest firmware if using a Free Subscription with FortiGate Cloud.

 

Starting February 28, 2025, a FortiGate without an active FortiGate Cloud subscription is required to upgrade to the latest firmware patch within 7 days of a new GA patch release, or FortiGate Cloud services will be paused for that device.

This will affect the cloud retention service, where logs will not be forwarded to FortiCloud until the device is updated to the latest firmware patch if using a Free FortiGate Cloud account: Technical Tip: Security enforcement change for FortiGates provisioned to FortiGate Cloud without act... 

 

If logging is not working, a possible cause is known issue ID 1045253. This issue causes the FortiGate logs not to be transferred to the FortiGate Cloud Log server. It is fixed in versions v7.2.11, v7.4.8, or v7.6.1, or above.


Related articles:

Troubleshooting Tip: FortiGate not sending logs to FortiCloud 

Technical Note: Logs not displayed because of corrupted flash memory

Troubleshooting Tip: FortiGate log uploads blocked to FortiGate Cloud

Technical Tip: How to check whether a FortiGate has a paid FortiGate Cloud Service Subscription