FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
darisandy
Staff
Article Id 195386

Description
This article describes how to set up the FortiSIEM infrastructure when a customer has Windows/Linux Agents connecting to Collectors that are placed behind a Load Balancer, with NAT between the Agents and the Collectors.



 
 
By default, once the Status connection is established from the Agents all the way to the Supervisor, the Windows/Linux Agent tries to upload logs directly to the Collector's private IP address.
Because this is not allowed, no logs can be uploaded.


Solution
The customer needs to add configuration to the Windows/Linux Agent template so that it recognizes the public IP address of the Load Balancer and traffic can be load balanced properly to the Collectors.

1) Go to Admin –> Setup –> Windows/Linux Agent.



 
 
2) Go to Host to Template Associations.
 
 
 
 
3) Fill in the public IP address of the Load Balancer on Virtual Collectors.
 
 

 
 
This way, the Agents connect to the public IP address of the Load Balancer to upload logs.