FortiSIEM Discussions
adrifesa95
New Contributor

[FORTISIEM] WINDOWS Agent Disconnected

Hi Team,

I have installed the Windows agent on a test server, and it is working fine after doing all the troubleshooting.

But the issue is that when I installed the agent on the production server, all agents are showing as disconnected.

I have researched this issue a lot but am not getting help.

Version is 7.2.2

I have tested connectivity between the agents, the collector and the supervisor.

Request you to please help in this situation. Thanks in advance.

Secusaurus
Contributor III

Hi @adrifesa95,

Note that the IP address/FQDN you provide in the installation is not the place where you define how the Agent communicates. Do you have the correct IPs in your Admin Settings (Cluster Config)?

If yes:

Do you receive any kind of log/status before it goes "disconnected", or is there not a single line of information you get?

Best,

Christian

FCX #003451 | Fortinet Advanced Partner
Arjunpatil
New Contributor

Hi team,
Could you please advise on how to resolve this?


Supervisor version: 7.1.3

Agent version: 7.1.11

The setup is working on 2 servers, but on 3 other servers, the agent status is showing as disconnected.

Collector is configured to act as an HTTPS proxy. However, after checking the trace.log on the affected servers, it appears that the agents are trying to connect directly to the Supervisor IP, which seems to be causing the disconnection.

Arjunpatil
New Contributor

@premchanderr 

If you’re able to help here, I came across your post [#378663] regarding agent disconnection. We’re facing a similar issue and would appreciate your input.

Here’s what we’ve checked so far:

  • The collector HTTPS configuration seems fine — it's working for another server.

  • The server can reach the collector IP; telnet connectivity is working as expected.

  • However, in the trace logs, the agent appears to be trying to connect directly to the Supervisor instead of the Collector.

  • An HTTPS proxy is enabled on the Collector, so the agent should be routing traffic through it.

Could you suggest any additional actions or checks we might have missed?

adem_netsys

Hi @Arjunpatil 

Is Collector Proxy selected when installing the agent? Can you try this way?

Arjunpatil

Hi adem_netsys,

Sorry, but could you please clarify what you mean by selected collector proxy?

In our setup, the Collector is acting as an HTTPS proxy. So, during the agent installation on the server, I'm entering the Collector’s IP as the Supervisor IP.

adem_netsys

Hi @Arjunpatil,

When the agent selects the "ignore system proxy" option during its setup, it does not attempt to go to Super. There's no LB in between, is there?

Arjunpatil

Hi @adem_netsys,

I am installing the FortiSIEM Windows Agent manually using the GUI method, but the installer does not prompt for the "Ignore system proxy" option during the installation process.

premchanderr

Hi @Arjunpatil,

I understand that you installed the agent via the collector HTTPS proxy, but it is reporting health status to the Supervisor.

If there is an IP/FQDN configured in Admin -> Settings -> System -> Cluster Config -> Supervisors  <-- When you apply the template configuration, this Supervisor IP is sent to the agent to use, creating an IP conflict.

Remove the value in Cluster Config -> Supervisors and keep it blank. Save. (If it's not an HA setup)

Now wait for 10 min and let me know the result.

Note: Take a snapshot of the VM before making any modification.

Regards,
Prem Chander R
Arjunpatil

Hi @premchanderr,

Thank you for your response.

The steps you suggested were already implemented about four months ago, and everything has been working fine for all new customers since then. However, I’m now encountering the agent disconnection issue again—but only for this specific customer on one server. Interestingly, for the same customer, two other servers show the agent as running and active.