FortiGate
acvaldez
Staff
Article Id 193591

Description

This article explains why the FortiAnalyzer connection configured under the FortiGate's global logging settings is always sourced from the management VDOM, and how to change the management VDOM when the FortiAnalyzer is reachable only from a different VDOM.

 

Scope

FortiGate in multi-VDOM mode.

Solution

Diagram (image in the original article).

In this scenario the 'FAZ_VDOM' on the FortiGate has a direct connection to the FortiAnalyzer, but the management VDOM is still the 'root' VDOM.

FortiAnalyzer logging configured through the Security Fabric connector is a global setting, and FortiGate-originated management traffic of this kind is always sent from the management VDOM. The FortiGate therefore tries to reach the FortiAnalyzer from the root VDOM, which has no path to it, and the connection fails.


Image 1 shows that the root VDOM is the management VDOM.

Image 2 shows FortiAnalyzer configured on the FortiGate Security Fabric connector for logging.

Image 3 shows that the connectivity test failed.

Simply changing the 'source-ip' of the FortiGate's FortiAnalyzer setting to an IP address that belongs to 'FAZ_VDOM' will not work either: the traffic is still sent from the management VDOM, which is still root, and the source IP used for FortiAnalyzer traffic must belong to an interface in the management VDOM (shown in the next image of the original article).
The right approach is to first change the management VDOM from 'root' to 'FAZ_VDOM': go to Global -> System -> VDOM, select the FortiAnalyzer VDOM ('FAZ_VDOM'), select 'Switch Management' and select 'OK'.

After that, 'FAZ_VDOM' is shown as the management VDOM.

Caveat: the management VDOM carries all FortiGate-originated management traffic, not only FortiAnalyzer logging (for example FortiGuard updates, DNS, NTP and SNMP traps), so 'FAZ_VDOM' must also have the routes and DNS needed for that traffic before the switch is made.

The FortiGate can now reach the FortiAnalyzer, and the 'source-ip' under the FortiAnalyzer setting can be set to the IP of the interface in 'FAZ_VDOM' that is directly connected to the FortiAnalyzer. In this case it is 10.115.2.10, set with 'set source-ip 10.115.2.10' under 'config log fortianalyzer setting'.
 
 
The FortiGate's registration request can now be seen on the FortiAnalyzer as an unauthorized device; authorize it there.

Final result, verified from the FortiGate's global CLI context:

exec log fortianalyzer test-connectivity
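The same procedure done from the FortiGate CLI, as an added walkthrough that is not part of the original article. It assumes multi-VDOM mode, the VDOM name 'FAZ_VDOM' and the source IP 10.115.2.10 from the article; the FortiAnalyzer address 10.115.2.20 is an assumption. Step 3 reproduces the failing state (root is still the management VDOM), step 4 is the fix, step 5 is the check.

```fortios
# Added example, not from the original article. Assumed values:
# FAZ_VDOM = VDOM directly connected to FortiAnalyzer (from the article)
# 10.115.2.10 = FAZ_VDOM interface IP facing FortiAnalyzer (from the article)
# 10.115.2.20 = FortiAnalyzer address (assumption)

# 1. Check which VDOM currently carries FortiGate-originated management
#    traffic. In the failing scenario this prints: management-vdom : root
config global
    show system global | grep management-vdom
end

# 2. Confirm FAZ_VDOM actually has the connected route to the FortiAnalyzer.
config vdom
    edit FAZ_VDOM
        get router info routing-table connected
    next
end

# 3. Failing state: the FortiAnalyzer setting is global and is sent from the
#    management VDOM (root), so the test fails even though FAZ_VDOM can
#    reach 10.115.2.20 directly. Setting source-ip to 10.115.2.10 here is
#    rejected because that address is not in the management VDOM.
config global
    config log fortianalyzer setting
        set status enable
        set server 10.115.2.20
    end
    execute log fortianalyzer test-connectivity
end

# 4. Fix: make FAZ_VDOM the management VDOM first (CLI equivalent of
#    Global -> System -> VDOM -> Switch Management), then bind the source IP
#    to the FAZ_VDOM interface facing the FortiAnalyzer.
config global
    config system global
        set management-vdom FAZ_VDOM
    end
    config log fortianalyzer setting
        set source-ip 10.115.2.10
    end
end

# 5. Check: re-run the connectivity test, authorize the FortiGate on the
#    FortiAnalyzer, and confirm the effective logging settings.
config global
    execute log fortianalyzer test-connectivity
    get log fortianalyzer setting
end
```

Before step 4, review everything else that depends on the management VDOM (FortiGuard, DNS, NTP, SNMP trap destinations); after the switch those flows leave from 'FAZ_VDOM', so it needs working routes for them as well.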