Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pdelapena
Staff
Staff

Created on ‎05-29-2024 04:40 AM

Article Id 317898

Troubleshooting Tip: Blank FortiGate Cloud reports are being generated for FortiGates in HA

Description This article describes why the generated FortiGate Cloud reports are blank or could be missing the latest contents for FortiGates in HA after an HA failover.
Scope FortiGate and FortiGate Cloud.
Solution

It is important to first determine that the primary FortiGate is able to send logs remotely to FortiGate Cloud. 

 

To check, go to Security Fabric -> Fabric Connectors -> Logging & Analytics -> Edit -> Cloud Logging and ensure the Connection Status is 'Connected', and that the information in the graph indicates that remote logs are being sent daily. 

FGTCLDlog.JPG

 

Note: The graph for Remote Logs Sent Daily will be reset after a reboot. Empty information in previous days does not mean that the FortiGate has not sent any logs to the FortiGate Cloud. Verify in the FortiGate Cloud if logs are indeed received.

 

If the Connection status states that there is an issue, follow this FortiGate Cloud connection troubleshooting guide .

 

Upon verifying that the logs are being sent to the FortiGate Cloud, if the issue persists: verify if there was an HA failover event in the FortiGates by checking Log & Report -> System Events -> Logs -> HA Events or by running the following command in the CLI:

 

get system ha status

 

The reason why an HA failover event needs to be checked is due to a possible misconfiguration in FortiGate Cloud report settings wherein the report is only set for the original primary FortiGate and the secondary FortiGate is not selected under 'Aggregation Devices'.

 

To set this report setting in FortiGate Cloud (forticloud.com), go to the primary FortiGate -> Report -> Schedule -> Select between 'Schedule' for scheduled report or 'Run' for manual report generation. Then, under 'Aggregation Devices', select the other FortiGate serial number(s) in the HA group and select 'OK'. 

 

FGTCLDreport.jpg

 

Once the settings have been changed, the next report to be generated will now contain information from all members of the HA group. Regardless of which unit is the current primary in the HA cluster, the information from all devices should now be aggregated into a single report. The top section of the report will now show that it has been generated from the original primary FortiGate with the other aggregated devices.

 

FGTCLDreportname.JPG

 

If the issue persists, contact TAC for further assistance.
Labels:
1287
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.