FortiNDR (on-premise)
On-premise solution that processes and stores data on the customer's network. Supports NetFlow and OT deployments.
melshehaby
Staff
Article Id 244214

Description

This article explains an issue with FortiGate/FortiNDR integration where the two cannot connect or authorize after a FortiGate is deleted.

In FortiGate, FortiNDR shows as 'unreachable'. In FortiNDR, the FortiGate does not appear under the 'Device Input' tab and cannot be authorized.

Scope

All currently supported versions of FortiGate and FortiNDR.

Solution

If an authorized device under the 'Device Input' page in FortiNDR was deleted, FortiNDR will not automatically show it in the list in the future. It must be added manually instead.

Run one of the following two commands in the FortiNDR CLI, depending on the FortiGate firmware version:

FortiGate firmware below 7.x:

execute device add 1 <FortiGate signature>

FortiGate firmware 7.x or above:

execute device add 3 <FortiGate signature>

This command will add the FortiGate to FortiNDR.

Note:

The number in the command is the device ID type:

1 = OFTP for FortiGate versions below 7.x

3 = HTTP2 for FortiGate version 7.x or above

4 = FSSA

7 = FML