sahmed_FTNT
Staff & Editor
Article Id 329812
Description This article describes how to troubleshoot connection issues with the Fortinet/FortiGate application in Splunk.
Scope Splunk, FortiGate.
Solution

Topology:

 

User <-> FortiGate <-> Splunk 

 

Note: Splunk uses port 514 by default.

For instructions on how to add FortiGate to Splunk, see the deployment guide.

Link to the Splunk Fortinet app.

 

If Splunk is not able to view the logs, take the following troubleshooting steps:

 

Step 1:

 

Try to ping the Splunk server using the following command:

 

exe ping 10.10.10.10

 

If the ping responses fail, ICMP may be blocked somewhere in the network path.

 

Step 2:

 

Run the packet sniffer:

 

[Screenshot: splunk1.png]

 

In this example, traffic is going out but there is no response to the ICMP request.

 

[Screenshot: splunk 2.png]

 

Verify that traffic on port 514 is leaving the FortiGate. It may be necessary to capture traffic on the server side to confirm that it arrives.
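
The check in Step 2 can be scripted over saved sniffer output. The following is an added example, not part of the original article: it assumes the one-line-per-packet layout printed at sniffer verbosity 4, and the sample lines, the interface name `port1` and the FortiGate source address 192.168.1.99 are constructed for illustration.

```python
import re

# Constructed sample of FortiGate sniffer output (verbosity 4 layout assumed:
# timestamp, interface, direction, src -> dst: summary). Not from the article.
SAMPLE = """\
interfaces=[any]
2.101199 port1 out 192.168.1.99 -> 10.10.10.10: icmp: echo request
3.101412 port1 out 192.168.1.99 -> 10.10.10.10: icmp: echo request
4.250031 port1 out 192.168.1.99.3055 -> 10.10.10.10.514: udp 312
5.250877 port1 out 192.168.1.99.3055 -> 10.10.10.10.514: udp 298
"""

LINE = re.compile(
    r"^\d+\.\d+\s+\S+\s+(?P<dir>in|out)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+?):\s+(?P<info>.*)$"
)

def summarize(text, server="10.10.10.10", port=514):
    """Count ICMP requests/replies and packets sent to server:port."""
    s = {"echo_request": 0, "echo_reply": 0, "syslog_out": 0, "from_server": 0}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines such as interfaces=[...] are skipped
        src, dst, info = m["src"], m["dst"], m["info"]
        if src == server or src.startswith(server + "."):
            s["from_server"] += 1  # anything at all coming back from Splunk
        if info.startswith("icmp: echo request") and dst == server:
            s["echo_request"] += 1
        elif info.startswith("icmp: echo reply") and src == server:
            s["echo_reply"] += 1
        elif m["dir"] == "out" and dst == f"{server}.{port}":
            s["syslog_out"] += 1  # dst is printed as address.port
    return s

def diagnose(s):
    """Turn the counters into the conclusions the article draws by eye."""
    findings = []
    if s["echo_request"] and not s["echo_reply"]:
        findings.append("ICMP leaves the FortiGate but nothing returns: "
                        "ICMP may be blocked in the network path")
    if s["syslog_out"]:
        findings.append("Port 514 traffic is leaving the FortiGate: "
                        "capture on the Splunk server to confirm arrival")
    else:
        findings.append("No port 514 traffic seen leaving the FortiGate")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(summarize(SAMPLE))))
```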