Renante_Era
Staff
Article Id 339151

 

Description: This article describes how to troubleshoot when FortiGate cannot connect to FortiAnalyzer Cloud.
Scope: FortiGate, FortiAnalyzer-Cloud.
Solution:

Make sure the FortiGate firmware version and FortiAnalyzer Cloud version are compatible.

 

Run a ping to fortianalyzer.forticloud.com to find the IP address of the FortiAnalyzer Cloud.

 

execute ping fortianalyzer.forticloud.com

 

Or run the following commands on the FortiAnalyzer Cloud:

 

diagnose debug enable

diagnose test application vmd 20

 

See Identifying the public IP address - FortiAnalyzer Cloud documentation.

 

Once the FortiAnalyzer Cloud IP is identified, it can be used to collect the sniffer and debug flow.

 

  1. Run the sniffer to see whether the 3-way handshake completes:

 

diagnose sniffer packet any 'host w.x.y.z and port 514' 4 0 l <----- Where w.x.y.z is the FortiAnalyzer IP address.

 

Press Ctrl+C to stop the sniffer.

 

  2. If the 3-way handshake cannot be completed, run the debug flow:

 

diagnose debug reset

diagnose debug flow filter clear

diagnose debug console timestamp enable

diagnose debug flow show function-name enable

diagnose debug flow show iprope enable

diagnose debug flow filter addr w.x.y.z

diagnose debug flow filter port 514

diagnose debug flow trace start 99

diagnose debug enable

 

To stop the debug later, press Ctrl+C and enter 'diagnose debug reset'.

 

  3. Check FortiGate connectivity to FortiGuard:

 

execute ping service.fortiguard.net

execute ping update.fortiguard.net

 

  4. Check the FortiAnalyzer-Cloud settings on FortiGate by running the commands below:

     

config log fortianalyzer-cloud setting
show full
end

config log fortianalyzer-cloud filter
show full
end

 

If the issue persists, open a ticket at support.fortinet.com and attach the debug output.
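
The step 1 sniffer capture can be read by script when it is long. This is an added example, not part of the original article or any Fortinet tool: it classifies each TCP flow towards the FortiAnalyzer Cloud address on port 514 as established, reset or unanswered. It assumes verbosity-4 lines in the form shown in the first comment; the function name, the sample capture and the addresses (192.0.2.10 standing in for w.x.y.z) are constructed for illustration.

```python
import re

# FortiOS sniffer, verbosity 4 (assumed line format):
# "<timestamp> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <flags and numbers>"
PKT = re.compile(r"(?P<dir>in|out) (?P<src>[\d.]+)\.(?P<sport>\d+) -> "
                 r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$")
TCP_FLAGS = {"syn", "ack", "rst", "fin", "psh"}

def handshake_states(capture, faz_ip, port=514):
    """Map each (client_ip, client_port) flow towards faz_ip:port to a handshake state."""
    seen = {}  # flow -> handshake events observed so far
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # banner, blank line or unparsed output
        flags = TCP_FLAGS & set(m["rest"].split())
        to_faz = (m["dst"], int(m["dport"])) == (faz_ip, port)
        from_faz = (m["src"], int(m["sport"])) == (faz_ip, port)
        if not (to_faz or from_faz) or not flags:
            continue  # other host/port, or a non-TCP packet such as UDP syslog
        flow = (m["src"], int(m["sport"])) if to_faz else (m["dst"], int(m["dport"]))
        events = seen.setdefault(flow, set())
        if to_faz and flags == {"syn"}:
            events.add("syn")
        elif from_faz and flags == {"syn", "ack"}:
            events.add("synack")
        elif from_faz and "rst" in flags:
            events.add("rst")
        elif to_faz and "ack" in flags and "synack" in events:
            events.add("ack")

    def classify(ev):
        if {"syn", "synack", "ack"} <= ev:
            return "established"  # 3-way handshake completed
        if "rst" in ev:
            return "reset"        # connection refused by the peer or a device in the path
        if ev == {"syn"}:
            return "no-reply"     # SYN left, nothing came back: continue with the debug flow
        return "incomplete"
    return {flow: classify(ev) for flow, ev in seen.items()}

# Constructed sample capture (documentation addresses, not real output)
SAMPLE = """\
2024-09-10 10:15:01.100000 wan1 out 198.51.100.5.14001 -> 192.0.2.10.514: syn 1000
2024-09-10 10:15:01.130000 wan1 in 192.0.2.10.514 -> 198.51.100.5.14001: syn 5000 ack 1001
2024-09-10 10:15:01.130100 wan1 out 198.51.100.5.14001 -> 192.0.2.10.514: ack 5001
2024-09-10 10:15:09.000000 wan1 out 198.51.100.5.14002 -> 192.0.2.10.514: syn 2000
2024-09-10 10:15:12.000000 wan1 out 198.51.100.5.14002 -> 192.0.2.10.514: syn 2000
2024-09-10 10:15:20.000000 wan1 out 198.51.100.5.14003 -> 192.0.2.10.514: syn 3000
2024-09-10 10:15:20.030000 wan1 in 192.0.2.10.514 -> 198.51.100.5.14003: rst 0 ack 3001
"""
```

An empty result means no TCP packet towards the address on port 514 was captured at all, which also points to the debug flow in step 2.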