FortiGate 60D (v6.0.13) and FortiAnalyzer (v7.2.5)
I'm having a strange issue: the FortiGate dashboard shows two admins logged in - Admin (with my workstation IP) and Admin (127.0.0.1).
FortiAnalyzer system events for FGT60D show the following. Every hour there is a successful login.
14:57:45 Administrator admin timed out on https(127.0.0.1)
14:47:46 Administrator admin logged in successfully from https(127.0.0.1)
13:57:22 Administrator admin timed out on https(127.0.0.1)
13:48:19 Administrator admin logged in successfully from https(127.0.0.1)
I have other devices with older and newer firmware and am not seeing this issue on them, including a 60D with older firmware.
Any idea what is causing this and how to resolve it?
Thanks.
Hello,
Please refer to the document regarding 127.0.0.1 Admin login
https://community.fortinet.com/t5/FortiAnalyzer/Technical-tip-Admin-login-from-127-0-0-1/ta-p/191892
Hello,
On FAZ, the correct username and password are configured.
On FGT, the following is configured:
config log fortianalyzer setting
    set status enable
    set server <FAZ_IP>
    set enc-algorithm high-medium
    set certificate "Fortinet_Factory"
    set upload-option 1-minute
    set reliable enable
end
There is no "set serial" command available on FGT as per the document shared by you.
Hello,
Please run the following command:
config log fortianalyzer setting
    sh full
end
This sh full configuration will show the set serial command.
Unfortunately, the "set serial" command is not available on this firmware.
config log fortianalyzer setting
    set status enable
    set ips-archive enable
    set server <FAZ_IP>
    set enc-algorithm high-medium
    set ssl-min-proto-version default
    set conn-timeout 10
    set monitor-keepalive-period 5
    set monitor-failure-retry-period 5
    set certificate "Fortinet_Factory"
    set source-ip ''
    set upload-option 1-minute
    set reliable enable
end
Output of set options:
# set ?
status                          Enable/disable logging to FortiAnalyzer.
ips-archive                     Enable/disable IPS packet archive logging.
*server                         The remote FortiAnalyzer.
enc-algorithm                   Enable/disable sending FortiAnalyzer log data with SSL encryption.
ssl-min-proto-version           Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
conn-timeout                    FortiAnalyzer connection time-out in seconds (for status and log buffer).
monitor-keepalive-period        Time between OFTP keepalives in seconds (for status and log buffer).
monitor-failure-retry-period    Time between FortiAnalyzer connection retries in seconds (for status and log buffer).
certificate                     Certificate used to communicate with FortiAnalyzer.
source-ip                       Source IPv4 or IPv6 address used to communicate with FortiAnalyzer.
upload-option                   Enable/disable logging to hard disk and then uploading to FortiAnalyzer.
reliable                        Enable/disable reliable logging to FortiAnalyzer.
#
Technically it's not a problem to solve. It's normal behavior when FAZ polls information from that firewall. In some (older) versions it is shown in the logs, in others it is not. In the newer FortiOS this log was removed. The only concern you should have is when you see failed attempts from FAZ IP and admin account.
How to remove these logs? Try to filter them in FortiGate or FAZ by log ID and exclude them. Make sure you don't exclude valid logs too with this filter.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-exclude-a-specific-set-of-logs-that...
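Added example, not part of the original thread and not Fortinet code: a small triage script that pairs the loopback login/timeout events quoted in the question into polling sessions and separately reports failed admin logins from loopback or the FAZ address, which is the case the last reply says to watch for. The "login failed" message shape, the FAZ address 192.0.2.10 and the function name are assumptions made for the example; the last sample line is constructed.

```python
import re
from datetime import datetime

# Message shapes follow the event lines quoted in this thread; the
# "login failed from" shape is an assumption made for this example.
EVENT = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}) Administrator (?P<user>\S+) "
    r"(?P<action>logged in successfully from|timed out on|login failed from) "
    r"(?P<method>\w+)\((?P<src>[^)]+)\)"
)

SAMPLE = [  # first four lines are from the thread, the last one is constructed
    "14:57:45 Administrator admin timed out on https(127.0.0.1)",
    "14:47:46 Administrator admin logged in successfully from https(127.0.0.1)",
    "13:57:22 Administrator admin timed out on https(127.0.0.1)",
    "13:48:19 Administrator admin logged in successfully from https(127.0.0.1)",
    "15:12:03 Administrator admin login failed from https(192.0.2.10) because of invalid password",
]

def triage(lines, faz_ip):
    """Return (loopback polling sessions, findings that need a human look)."""
    sessions, findings, open_login = [], [], {}
    events = [m for m in map(EVENT.match, lines) if m]
    events.sort(key=lambda m: m["ts"])  # input is newest-first; assumes one day
    for m in events:
        ts = datetime.strptime(m["ts"], "%H:%M:%S")
        key = (m["user"], m["src"])
        if m["action"].startswith("login failed"):
            # Failed attempts from loopback or the FAZ address are not polling noise.
            if m["src"] in ("127.0.0.1", faz_ip):
                findings.append(f"{m['ts']} failed login for {m['user']} from {m['src']}")
        elif m["src"] == "127.0.0.1":
            if m["action"].startswith("logged in"):
                open_login[key] = ts
            elif key in open_login:
                # Login followed by idle timeout: record user and session length.
                seconds = int((ts - open_login.pop(key)).total_seconds())
                sessions.append((m["user"], seconds))
    return sessions, findings

if __name__ == "__main__":
    polling, alerts = triage(SAMPLE, faz_ip="192.0.2.10")
    for user, seconds in polling:
        print(f"expected polling session: {user}, {seconds}s before timeout")
    for line in alerts:
        print("REVIEW:", line)
```

Running the same pairing before and after applying a log filter helps confirm that only the loopback polling events are excluded and failed logins are still recorded.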
Copyright 2024 Fortinet, Inc. All Rights Reserved.