FortiManager
srajeswaran
Staff
Article Id 318540
Description This article describes the specific condition where FortiManager generates a 'Device Offline' event for the managed FortiGate devices even though the device is online.
Scope FortiManager, FortiGate.
Solution

FortiManager can frequently generate 'Device offline' events such as the following for a managed device:

 

id=7375787697232674816 itime=2024-06-02 10:23:17 euid=1 epid=1 dsteuid=1 dstepid=1 log_id=0029038009 subtype=logdev type=event level=warning adom=root time=10:23:17 date=2024-06-02 user=system msg=Did not receive any log from device LAB-Fortigate[FGVM000000000000] in last 6 minutes. userfrom=system desc=Device offline logdev_id=FGVM000000000000 logdev_name=LAB-Fortigate logdev_offline_duration=6 logdev_last_logging=0 operation=Device offline changes=Did not receive any log from device. tz=+0400 devid=FMGVMSTM22003025 dtime=2024-06-02 10:23:17 itime_t=1717309397

 

Even though the alert says the device is offline, the specified device is online as per the Device Manager pane.

 

This happens when 'FortiAnalyzer Features' are enabled on FortiManager, but FortiGate is not configured to send logs to this FortiManager.


 

When the FortiAnalyzer feature is turned on, FortiManager expects logs from the managed device and generates a Device Offline event if no logs are received. This does not mean that the managed FortiGate is offline.
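A triage aid for the event shown above, added here as an example and not part of the original article or of Fortinet's tooling: it parses the unquoted key=value event format and summarises 'Device offline' log-device events per serial, so the listed devices can be compared against their status in Device Manager. The function names are hypothetical, and the parser assumes that values never contain a `word=` token.

```python
import re

# Values are unquoted and may contain spaces, so a value runs until the
# next " key=" token or the end of the line (assumption: no "word=" in values).
PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# First line is the event from the article; the other two are constructed samples.
SAMPLE_LOG = [
    "id=7375787697232674816 itime=2024-06-02 10:23:17 euid=1 epid=1 dsteuid=1 dstepid=1 log_id=0029038009 subtype=logdev type=event level=warning adom=root time=10:23:17 date=2024-06-02 user=system msg=Did not receive any log from device LAB-Fortigate[FGVM000000000000] in last 6 minutes. userfrom=system desc=Device offline logdev_id=FGVM000000000000 logdev_name=LAB-Fortigate logdev_offline_duration=6 logdev_last_logging=0 operation=Device offline changes=Did not receive any log from device. tz=+0400 devid=FMGVMSTM22003025 dtime=2024-06-02 10:23:17 itime_t=1717309397",
    "type=event subtype=logdev level=warning msg=Did not receive any log from device LAB-Fortigate[FGVM000000000000] in last 12 minutes. desc=Device offline logdev_id=FGVM000000000000 logdev_name=LAB-Fortigate logdev_offline_duration=12 operation=Device offline changes=Did not receive any log from device.",
    "type=event subtype=system level=information msg=Constructed unrelated event operation=Other",
]


def parse_event(line):
    """Split one event line into a dict of field name -> value."""
    return dict(PAIR.findall(line.strip()))


def log_gap_devices(lines):
    """Summarise 'Device offline' logdev events per device serial number."""
    summary = {}
    for line in lines:
        ev = parse_event(line)
        if ev.get("subtype") != "logdev" or ev.get("operation") != "Device offline":
            continue  # not a log-device offline event
        serial = ev.get("logdev_id", "unknown")
        dev = summary.setdefault(
            serial, {"name": ev.get("logdev_name"), "events": 0, "max_gap_min": 0}
        )
        dev["events"] += 1
        gap = int(ev.get("logdev_offline_duration", 0))
        dev["max_gap_min"] = max(dev["max_gap_min"], gap)
    return summary


if __name__ == "__main__":
    for serial, info in log_gap_devices(SAMPLE_LOG).items():
        print(f"{info['name']} ({serial}): {info['events']} event(s), "
              f"longest gap {info['max_gap_min']} min; check Device Manager status")
```

A device that appears here while showing as online in Device Manager matches the condition this article describes.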

 

To fix the issue, either configure the FortiManager IP as the FortiAnalyzer on the FortiGate, or turn off the 'FortiAnalyzer Features' on the FortiManager.

 

Note:

Turning off/on the FortiAnalyzer feature will reboot the FortiManager to apply the changes.