FortiGate
malam
Staff
Article Id 275421
Description

This article describes the expected behavior when it is not possible to configure 'set source-ip' and 'set interface-select-method' under FortiAnalyzer or any other syslog server settings.

Scope

FortiGate, SD-WAN.
Solution

This behavior occurs only in an HA cluster. Check the HA configuration with the command 'show system ha'; the output will show that 'ha-direct' is enabled.

 

ha-direct is required in order to use the management interface configured in the HA settings under 'config ha-mgmt-interfaces' to send log messages to FortiAnalyzer and remote syslog servers, and to send SNMP, as explained in this KB article:

Technical Tip: Sending messages (logs, SNMP, RADIUS) directly from the HA management interface.

In this case, it will not be possible to configure 'set source-ip' and 'set interface-select-method'.

 

To configure another interface to communicate with FortiAnalyzer and remote syslog servers, there are two solutions:

 

  1. Disable ha-direct. Keep in mind that the configured management interface will then be used only for management access. With ha-direct disabled, it will be possible to configure 'set source-ip' and 'set interface-select-method' under the FortiAnalyzer or any other syslog server settings.

 

  2. Keep ha-direct enabled. Because it is then still not possible to configure source-ip and interface-select-method, configure another management interface as explained in this KB article: https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-How-to-specify-outgoing-interface-for-...
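
The first solution written out as FortiOS CLI, added here as an example and not taken from the original article. The interface name "port1" and the address 192.0.2.10 are constructed placeholders; substitute the interface and address that should source the log traffic.

```fortios
# Added example. "port1" and 192.0.2.10 are placeholders, not values from the article.

# 1. Confirm the cause: look for "set ha-direct enable" in the output.
show system ha

# 2. Disable ha-direct. The interfaces under 'config ha-mgmt-interfaces'
#    are then used for management access only.
config system ha
    set ha-direct disable
end

# 3. The source settings are now configurable for FortiAnalyzer logging.
config log fortianalyzer setting
    set interface-select-method specify
    set interface "port1"
    set source-ip 192.0.2.10
end

# 4. The same options apply to a remote syslog server.
config log syslogd setting
    set interface-select-method specify
    set interface "port1"
    set source-ip 192.0.2.10
end
```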