Description: This article describes how to troubleshoot a FortiSOAR connector having issues connecting to FortiGate.
Scope: FortiSOAR, FortiGate.
Solution:
FortiSOAR requires the following in order to connect to FortiGate:
More information: https://docs.fortinet.com/document/fortisoar/5.3.0/fortinet-fortigate/863/fortinet-fortigate-v5-3-0
Troubleshooting steps:
First, use a packet sniffer and debug flow to confirm that FortiGate receives the traffic from FortiSOAR and allows it:
diagnose sniffer packet any "host <FortiSOAR IP>" 4 0 l
diagnose debug flow filter addr <FortiSOAR IP>
diagnose debug flow show function-name enable
diagnose debug flow trace start 100
diagnose debug enable
Stop the process with the following command:
diagnose debug disable
Scenario 1: Traffic flows from one interface to another on FortiGate. A firewall policy is required to allow it.
Example: Traffic from FortiSOAR comes in via an IPsec tunnel and is destined for the Port3 interface.
Create a firewall policy on FortiGate to allow the traffic from the IPsec tunnel to Port3.
Scenario 2: Traffic is denied when checked against iPrope group 10000f (administrative traffic, which is allowed based on the access permitted on the interface).
Debug flow result:
Verify that the REST API Admin is configured with the correct FortiSOAR IP as Trust Host. Ensure that the IP is seen under:
diagnose firewall iprope list 10000f | grep source
More information is available in Technical Tip: iPrope policies group.
If the FortiSOAR IP does not appear after configuring it under Trust Host, open a ticket with TAC and include the information collected above.
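Added example, not part of the original article and not Fortinet code: a Python check that reads saved output of the `diagnose firewall iprope list 10000f | grep source` command and reports whether the FortiSOAR IP falls inside a listed source range. The `source(N): start-end` line layout, the sample addresses and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches an IPv4 range such as "10.20.30.40-10.20.30.40" anywhere on a line.
RANGE_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample output; the "source(N): start-end" layout is an assumption.
SAMPLE_OUTPUT = """\
source(1): 10.20.30.40-10.20.30.40, uuid_idx=0,
source(1): 192.168.50.0-192.168.50.255, uuid_idx=0,
"""

ANY_SOURCE = (ipaddress.IPv4Address("0.0.0.0"),
              ipaddress.IPv4Address("255.255.255.255"))


def parse_source_ranges(text):
    """Return (start, end) IPv4Address pairs found on 'source' lines."""
    ranges = []
    for line in text.splitlines():
        if "source" not in line:
            continue
        for lo, hi in RANGE_RE.findall(line):
            try:
                start = ipaddress.IPv4Address(lo)
                end = ipaddress.IPv4Address(hi)
            except ipaddress.AddressValueError:
                continue  # malformed text, e.g. an octet above 255
            if start <= end:
                ranges.append((start, end))
    return ranges


def check_trusted_host(text, soar_ip):
    """Say whether soar_ip is covered by a specific range or only by any-source."""
    ip = ipaddress.IPv4Address(soar_ip)
    hits = [r for r in parse_source_ranges(text) if r[0] <= ip <= r[1]]
    # A 0.0.0.0-255.255.255.255 entry matches every address, so it is
    # reported separately from a specific trusted-host match.
    specific = [f"{s}-{e}" for s, e in hits if (s, e) != ANY_SOURCE]
    return {"listed": bool(specific),
            "any_source": ANY_SOURCE in hits,
            "matches": specific}


if __name__ == "__main__":
    print(check_trusted_host(SAMPLE_OUTPUT, "10.20.30.40"))
```

A result with `listed` false and `any_source` false corresponds to the case the article describes, where the FortiSOAR IP is not present in the list.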