Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
willow
New Contributor III

Can't Connect to FortiAnalyzer Cloud after Upgrade

We have just upgraded our 100F from 7.0.17 to 7.4.9 with 7.0 going end of support.

It upgraded to 7.2 and then to 7.4.

Everything seems to work fine with the exception of FortiAnalyzer Cloud. It's refusing to connect and send logs. We did upgrade the FAZ from 7.4 to 7.6.4; however, it hasn't seemed to make any difference, and both versions seem to support our FortiGate version. I have also removed the device and re-added it to FA Cloud, still with no luck.

There are no access issues that I know of:

# exec ping fortianalyzer.forticloud.com
PING fortianalyzer.forticloud.com.geo.fortinet.net (154.52.2.161): 56 data bytes
64 bytes from 154.52.2.161: icmp_seq=0 ttl=52 time=20.6 ms
64 bytes from 154.52.2.161: icmp_seq=1 ttl=52 time=20.5 ms
64 bytes from 154.52.2.161: icmp_seq=2 ttl=52 time=20.5 ms
64 bytes from 154.52.2.161: icmp_seq=3 ttl=52 time=20.5 ms
64 bytes from 154.52.2.161: icmp_seq=4 ttl=52 time=20.5 ms

--- fortianalyzer.forticloud.com.geo.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 20.5/20.5/20.6 ms

The only clue is an error with SSL:

exec log fortianalyzer-cloud test-connectivity
Failed to get FortiAnalyzer Cloud's status. SSL error. (-3)

However, I'm at a loss as to what to try next.

Any help appreciated :)


24 Replies
NAS
New Contributor III

Hello,
I’m getting the error message due to a duplicate. The certificates are exactly the same, so that doesn’t seem to be the problem.

 

Regards,
Karsten

willow
New Contributor III

If I try to import them as CA Certificates I get the following errors:

certificate.jpg

As far as I can tell the FortiGate ones match the FAZ ones, so I don't think they are different.

FAZ

faz.jpg

FortiGate

forti.jpg

There was also an additional certificate on the FAZ with a CN=<FORTIGATESERIALNUMBER> which I imported, and in addition I also exported the "Local Certificates" from the FAZ and imported them as Remote Certificates on the FortiGate, which also had no effect 🥲

 

 

NAS
New Contributor III

Hello everyone,
it’s definitely due to FortiOS 7.4.9. I downgraded to 7.4.8 and now the FortiGate connects immediately to the FortiAnalyzer Cloud.

 

Regards,
Karsten

BillH_FTNT

Hi @NAS or @willow 

If you have a support ticket with Fortinet, please share it with me. I can use your configuration to test on my FGT-100F device in the lab.
If you don’t have a ticket, could you please send your configuration to my email: bhoang@fortinet.com? I’m Bill from Fortinet, and I’d like to reproduce the issue in the lab to help identify the root cause.
Thank you.

Bill

NAS
New Contributor III

@BillH_FTNT Sent you an email.

Best regards
Karsten

willow
New Contributor III

Can confirm, downgrading to 7.4.8 seems to have worked (although I did need to switch to FortiGate Cloud and, once connected, back to FortiAnalyzer Cloud to get it to play ball).

FortiGate

FAZSUCCESS.jpg

FAZ

FAZWOOP.jpg

I will attempt to re-upgrade and see if the problem recurs when it won't annoy the office 🥲;)

 

willow
New Contributor III

Upgrading to 7.4.9 restored the issue; currently back on 7.4.8.

willow
New Contributor III

Can confirm upgrading from 7.4.8 to 7.4.9 killed FortiAnalyzer Cloud.

Downgrading (again) to 7.4.8 restored connection. 

Looks like it's an issue with 7.4.9 here also.

BillH_FTNT
Staff

Hi All,

I noticed that our Engineering team is currently investigating an issue quite similar to the one you reported. However, there’s no conclusion yet, so I’m unable to share any results at this time. I’ll provide updates as soon as more information becomes available.


In the meantime, if you're able to run a quick test (just a test), could you please try configuring the minimum SSL protocol used in FortiOS 7.4.9 to ensure that TLSv1.3 is used for the connection to FMG/FAZ Cloud:

config system global
set ssl-min-proto-version TLSv1-3
end

 

Regards

Bill

 

MT-DSG

Hello Bill,

Regarding the same issue, instead of changing the global setting, I modified the FortiAnalyzer Cloud logging configuration directly:

 

config log fortianalyzer-cloud setting
    set status enable
    set ssl-min-proto-version TLSv1-3
end

 

The FortiGate is now able to send logs and retrieve the FortiAnalyzer's serial number.

Thank you for your help
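As an added example (not Fortinet's code and not posted by anyone in this thread), a small Python check that reads a FortiOS CLI export and reports the minimum TLS version the FortiGate will actually use for FortiAnalyzer Cloud, combining Bill's global setting with the per-feature setting from the solution above. It assumes the per-feature value overrides the global one unless it is left at `default`, and that the global factory default is TLSv1-2; the config text is constructed.

```python
# Ordering used to compare protocol versions (lowest first).
TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1-1", "TLSv1-2", "TLSv1-3"]

# Constructed sample FortiOS CLI export (not from the thread): the FAZ Cloud
# block is left at "default", so the global value applies.
SAMPLE_CONFIG = """
config system global
    set hostname "FGT-100F-lab"
    set ssl-min-proto-version TLSv1-2
end
config log fortianalyzer-cloud setting
    set status enable
    set ssl-min-proto-version default
end
"""


def parse_fortios_blocks(text):
    """Map 'section path' -> {setting: value}; a stack tracks config/edit
    nesting so each 'set' line lands in the innermost open section."""
    blocks, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config ") or line.startswith("edit "):
            stack.append(line.split(" ", 1)[1].strip('"'))
            blocks.setdefault(" / ".join(stack), {})
        elif line in ("end", "next") and stack:
            stack.pop()
        elif line.startswith("set ") and stack:
            key, _, value = line[4:].partition(" ")
            blocks[" / ".join(stack)][key] = value.strip().strip('"')
    return blocks


def effective_faz_cloud_min_tls(text):
    """Minimum TLS version offered to FAZ Cloud. Assumed FortiOS semantics:
    the per-feature value wins unless it is 'default' (or absent), in which
    case 'config system global' applies (assumed factory default TLSv1-2)."""
    blocks = parse_fortios_blocks(text)
    local = blocks.get("log fortianalyzer-cloud setting", {})
    value = local.get("ssl-min-proto-version", "default")
    if value != "default":
        return value
    return blocks.get("system global", {}).get("ssl-min-proto-version", "TLSv1-2")


def needs_tls13_workaround(text):
    """True when the effective minimum is below TLSv1-3, i.e. the 7.4.9
    workaround from this thread is not in place."""
    current = TLS_ORDER.index(effective_faz_cloud_min_tls(text))
    return current < TLS_ORDER.index("TLSv1-3")
```

Run it against `show full-configuration` output to confirm whether the workaround is active on a device before and after the 7.4.9 upgrade.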
