Step 1: After confirming the configuration on both FortiGate and FortiAnalyzer, run the log FortiAnalyzer connectivity test from CLI as below:

execute log fortianalyzer test-connectivity

The error will look like below:

Failed to get FAZ's status. Connection failed. Network is unreachable(-1)

Step 2: Confirm the routing table entry if there is a route to FortiAnalyzer.

Step 3: Run the debug flow for miglogd and observe the following error.

diagnose debug application miglogd 255

diagnose debug enable

To stop debugging:

diagnose debug disable

diagnose debug reset

2022-08-12 13:07:18 miglog_socket_set_interface()-221: Binded interface index: 0.

2022-08-12 13:07:18 <2138> miglog_start_rmt_conn()-1512: oftp_connect(fds) failed: tcps connect error.

2022-08-12 13:07:18 miglog_socket_set_interface()-221: Binded interface index: 0.

2022-08-12 13:07:18 <2139> miglog_start_rmt_conn()-1512: oftp_connect(fds) failed: tcps connect error

Observe the HA configuration:

config system ha

    set group-name "FW-HA"

    set mode a-p

    set hbdev "ha" 100

    set session-sync-dev "mgmt"

    set ha-mgmt-status enable

        config ha-mgmt-interfaces

            edit 1

                set interface "port"

                set gateway X.X.X.X

            next

        end

    set override enable

    set priority 255

    set ha-direct enable          <-- set ha-direct disable.

end

When HA-Direct is enabled, all the management traffic starts going over the HA links, including the CAPWAP requests.

If the set ha-direct is enabled, change it to the disabled mode.

Related article:

Technical Tip: How to specify an outgoing interface for logging to external devices in a FortiGate c... 

Troubleshooting Tip: Unable to set source IP under 'config log fortianalyzer setting'