Created on 06-02-2024 09:52 PM Edited on 06-07-2024 05:56 AM By Jean-Philippe_P
Description | This article describes the specific condition where FortiManager generates a 'Device Offline' event for the managed FortiGate devices even though the device is online. |
Scope | FortiManager, FortiGate. |
Solution |
FortiManager can generate Device offline events as below frequently for a managed device:
id=7375787697232674816 itime=2024-06-02 10:23:17 euid=1 epid=1 dsteuid=1 dstepid=1 log_id=0029038009 subtype=logdev type=event level=warning adom=root time=10:23:17 date=2024-06-02 user=system msg=Did not receive any log from device LAB-Fortigate[FGVM000000000000] in last 6 minutes. userfrom=system desc=Device offline logdev_id=FGVM000000000000 logdev_name=LAB-Fortigate logdev_offline_duration=6 logdev_last_logging=0 operation=Device offline changes=Did not receive any log from device. tz=+0400 devid=FMGVMSTM22003025 dtime=2024-06-02 10:23:17 itime_t=1717309397
Even though the alert says the Device is Offline, the specified device is online as per the Device Manager pane.
This happens when 'FortiAnalyzer Features' are enabled on FortiManager, but FortiGate is not configured to send logs to this FortiManager.
When the FortiAnalyzer feature is turned on, FortiManager expects logs from the managed device and results in a Device Offline event if no logs are received. This does not mean that the managed FortiGate is offline.
To fix the issue, it is possible to configure the FortiManager IP as FortiAnalyzer on the FortiGate or Turn off the 'FortiAnalyzer Feature' on the FortiManager.
Note: Turning off/on the FortiAnalyzer feature will reboot the FortiManager to apply the changes. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.