Created on 01-30-2023 02:20 AM Edited on 03-14-2024 05:51 AM By Anthony_E
Description
This article explains an issue with FortiGate/FortiNDR integration where the two cannot connect or authorize after a FortiGate is deleted.
In FortiGate, FortiNDR shows as 'unreachable'. In FortiNDR, the FortiGate does not appear under the 'Device Input' tab and cannot be authorized.
Scope
All currently supported versions of FortiGate and FortiNDR.
Solution
If an authorized device under the 'Device Input' page in FortiNDR was deleted, FortiNDR will not automatically show it in the list in the future. It must be added manually instead.
Run one of the following two commands in the FortiNDR CLI, depending on the FortiGate firmware version:
FortiGate firmware below 7.x:
execute device add 1 <FortiGate signature>
FortiGate firmware 7.x or above:
execute device add 3 <FortiGate signature>
This command will add the FortiGate to FortiNDR.
Note:
The number in the command is the device ID type:
1 = OFTP for FortiGate versions below 7.x
3 = HTTP2 for FortiGate version 7.x or above
4 = FSSA
7 = FML
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.