May I ask as to what is the best practice when the Fortigate has 3 VDOMS including the root VDOM and the logs are forwarded to FortiAnalyzer? Right now, every VDOM is allocated 1 port on the FortiAnalyzer so that every VDOM can forward logs to the FortiAnalyzer. The Fortigate has 3 VDOMs including the root VDOM. The FortiAnalyzer 200D has only 4 ports. Is there a way so that 1 Fortigate device however how many number of VDOMs it has can forward logs to the FortiAnalyzer using one port only on the FortiAnalyzer?
Hiya,
You may have misunderstood or configured something wrongly. Normally you configure just 1 interface on the FortiAnalyzer, then on the FortiGate you configure logging to the FortiAnalyzer globally (Global > Log Config > Log settings) which is then applied for every VDOM. This ensures that all logging from the FortiGate, including those of alle VDOM's, are sent out from the management VDOM (normally root) to the FortiAnalyzer. The FortiAnalyzer is capable of seeing which VDOM's are present on the FortiGate, and the log view can be split out over VDOM's using Log Arrays for easier reading.
Yes, I also think that I got it wrong. I was expecting that from FortiGate Global, logs from all the VDOMs are forwarded to the FortiAnalyzer.
However, when an interface in the FortiGate Global was given an IP address that is in the same subnet as the FortiAnalyzer interface, ping is not possible.
Example:
FortiGate>Global>Network>Interfaces>port1>192.168.1.99/24
FortiAnalyzer>System Settings>Network>port1>192.168.1.100/24
FortiGate>Global>CLI>ping 192.168.1.100
result: cannot ping
Do I ping from the Global?
Or do I ping from the root VDOM?
Thanks for in advance for any feedback.
Ping can only be used within VDOM's, in this case "execute ping 192.168.1.100" within VDOM root. Make sure that:
- VDOM root is indeed marked as the management VDOM (Global > VDOM >VDOM and then verify the upper right value after "Switch Management")
- The trusted hosts of the configured administrators on the FortiAnalyzer and/or FortiGate do not block this ping request. (e.g. the trusted hosts should contain 192.168.1.0/24 or 0.0.0.0/0.0.0.0)
- PING is allowed and enabled on the interface.
Otherwise there is a layer 2 issue, as ping should work especially within the same subnet/vlan. (check cables and switch configurations) You can also try and directly connect your laptop to either interface and ping the FortiGate/FortiAnalyzer as a way of checking where the fault is.
Thanks very much Mr Sinners. This helped.
Hello i have a similar issue here, the analyzers sees other VDOMs and it is not seeing others, and i have check that the IP address of the analyzer has been set globally on VDOMs. I will like to know how i can manually make the VDOMs that are red on the FAZ come green. Am really seeking for help on this.
Thanks
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.