Description |
This article describes a troubleshooting step for a connectivity problem between FortiGate and FortiAnalyzer that persists even though both are configured correctly. It applies when the FortiGate unit is operating in HA. |
Scope | FortiGate. |
Solution |
Step 1: After confirming the configuration on both FortiGate and FortiAnalyzer, run the FortiAnalyzer log connectivity test from the CLI as below:
exec log fortianalyzer test-connectivity
The error will look like below:
Failed to get FAZ's status. Connection failed. Network is unreachable(-1)
Step 2: Check the routing table to confirm that there is a route to FortiAnalyzer.
Step 3: Run the application debug for miglogd and observe the error below.
FW-FGT1 # dia debug application miglogd 255
FW-FGT1 # dia de en
FW-FGT1 # 2022-08-12 13:07:18 miglog_socket_set_interface()-221: Binded interface index: 0.
2022-08-12 13:07:18 <2138> miglog_start_rmt_conn()-1512: oftp_connect(fds) failed: tcps connect error.
2022-08-12 13:07:18 miglog_socket_set_interface()-221: Binded interface index: 0.
2022-08-12 13:07:18 <2139> miglog_start_rmt_conn()-1512: oftp_connect(fds) failed: tcps connect error
Observe the HA configuration:
config system ha
    set group-name "FW-HA"
    set mode a-p
    set hbdev "ha" 100
    set session-sync-dev "mgmt"
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port"
            set gateway X.X.X.X
        next
    end
    set override enable
    set priority 255
    set ha-direct enable <-- set ha-direct disable.
end
When ha-direct is enabled, all management traffic, including CAPWAP requests, starts going over the HA links.
If ha-direct is set to enable, change it to disable. |
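The check described in the steps above can be run offline against a saved configuration backup and a captured miglogd debug session. The following is an added example, not Fortinet code: the function names are hypothetical and the sample inputs are constructed from the output shown in this article.

```python
# Constructed sample inputs, modelled on the output shown in this article.
SAMPLE_DEBUG = """\
2022-08-12 13:07:18 miglog_socket_set_interface()-221: Binded interface index: 0.
2022-08-12 13:07:18 <2138> miglog_start_rmt_conn()-1512: oftp_connect(fds) failed: tcps connect error.
"""
SAMPLE_HA = """\
config system ha
    set group-name "FW-HA"
    set mode a-p
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port"
            set gateway X.X.X.X
        next
    end
    set ha-direct enable
end
"""

def ha_settings(config_text):
    """Return the top-level 'set' values of the 'config system ha' block."""
    settings, depth = {}, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            # Track nesting only once inside 'config system ha'.
            if depth or line == "config system ha":
                depth += 1
        elif line == "end" and depth:
            depth -= 1
        elif depth == 1 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2]
    return settings

def count_oftp_failures(debug_text):
    """Count miglogd lines reporting a failed OFTP connection to FortiAnalyzer."""
    return sum("oftp_connect(fds) failed" in l for l in debug_text.splitlines())

def triage(config_text, debug_text):
    """Flag the case from this article: OFTP failures while ha-direct is enabled."""
    ha_direct = ha_settings(config_text).get("ha-direct") == "enable"
    failures = count_oftp_failures(debug_text)
    return {"oftp_failures": failures, "ha_direct_enabled": ha_direct,
            "matches_article": failures > 0 and ha_direct}

if __name__ == "__main__":
    print(triage(SAMPLE_HA, SAMPLE_DEBUG))
```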
Copyright 2024 Fortinet, Inc. All Rights Reserved.