Shilpa1
Staff
Article Id 268468
Description This article describes a scenario in which the command 'set source-ip' is not visible in the configuration settings for FortiAnalyzer logging ('config log fortianalyzer setting') or for FortiGate Cloud logging.
Scope FortiGate.
Solution

When 'ha-direct' is enabled under 'config system ha', FortiGate uses the HA management interface to send logs to FortiAnalyzer or to FortiGate Cloud.

 

To send logs from a specific source IP address, 'ha-direct' must be disabled.

 

config system ha
    set mode a-p
    set hbdev "port3" 0
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port6"
        next
    end
    set override disable
    set monitor "port10"
    set ha-direct enable <-----
end

 

FG(global) # config log fortianalyzer setting
FG(setting) # set source-ip 1.1.1.1
command parse error before 'source-ip'
Command fail. Return code -61

FG(global) # config system ha
FG(ha) # set ha-direct disable <-----
FG(ha) # end

After disabling 'ha-direct', it is possible to set the source-ip:

 

FG(global) # config log fortianalyzer setting
FG(setting) # set source-ip 1.1.1.1
FG(setting) # end

FG(global) # config log fortiguard setting
FG(setting) # set source-ip 2.2.2.2
FG(setting) # end


The following notification is shown when ha-direct is enabled.

 

config system ha

set ha-direct enable 
When ha-direct is enabled, source ip may not work.
We recommend to unset all log-related, netflow and sflow source ip.
By selecting to continue, all source ip will be unset.
Do you want to continue? (y/n)y
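
The same check can be run offline against a configuration backup before changing a log source IP. The script below is an added example, not Fortinet code: the function name audit_ha_direct and the sample backup are constructed for illustration, and a missing 'ha-direct' line is assumed to mean the feature is disabled.

```python
# Constructed sample backup (not from the article's device): ha-direct is enabled
# while a source-ip is still present under the FortiAnalyzer log settings.
SAMPLE_CONFIG = """\
config system ha
    set mode a-p
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port6"
        next
    end
    set ha-direct enable
end
config log fortianalyzer setting
    set status enable
    set source-ip 1.1.1.1
end
config log fortiguard setting
    set status enable
end
"""


def audit_ha_direct(config_text):
    """Return (ha_direct_enabled, {log section: source-ip}) for a config backup."""
    stack = []         # enclosing "config ..." / "edit ..." blocks, innermost last
    ha_direct = False  # assumption: an absent ha-direct line means disabled
    source_ips = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line.startswith("edit "):
            stack.append(line)
        elif line in ("end", "next"):
            if stack:
                stack.pop()
        elif line.startswith("set ") and stack:
            _, key, *rest = line.split(None, 2)
            value = rest[0] if rest else ""
            if stack[-1] == "system ha" and key == "ha-direct":
                ha_direct = value == "enable"
            elif stack[-1].startswith("log ") and key == "source-ip":
                source_ips[stack[-1]] = value
    return ha_direct, source_ips


if __name__ == "__main__":
    enabled, ips = audit_ha_direct(SAMPLE_CONFIG)
    print("ha-direct enabled:", enabled)
    for section, ip in ips.items():
        print(f"source-ip {ip} set under 'config {section}'")
```

If the first value is True, logs leave through the HA management interface, and any source-ip reported under a log section is one the notification above says may not work.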

 
