We have just upgraded our 100F from 7.0.17 to 7.4.9 with 7.0 going end of support.
It upgraded to 7.2 and then to 7.4.
Everything seems to work fine with the exception of FortiAnalyzer Cloud. It's refusing to connect and send logs. We did upgrade the FAZ from 7.4 to 7.6.4; however, it hasn't seemed to make any difference, and both versions seem to support our Fortigate version. I have also removed the device and re-added it to FA Cloud, still with no luck.
There are no access issues that I know of:
# exec ping fortianalyzer.forticloud.com
PING fortianalyzer.forticloud.com.geo.fortinet.net (154.52.2.161): 56 data bytes
64 bytes from 154.52.2.161: icmp_seq=0 ttl=52 time=20.6 ms
64 bytes from 154.52.2.161: icmp_seq=1 ttl=52 time=20.5 ms
64 bytes from 154.52.2.161: icmp_seq=2 ttl=52 time=20.5 ms
64 bytes from 154.52.2.161: icmp_seq=3 ttl=52 time=20.5 ms
64 bytes from 154.52.2.161: icmp_seq=4 ttl=52 time=20.5 ms
--- fortianalyzer.forticloud.com.geo.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 20.5/20.5/20.6 ms
The only clue is an error with SSL:
exec log fortianalyzer-cloud test-connectivity
Failed to get FortiAnalyzer Cloud's status. SSL error. (-3)
However I'm at a loss as to what to try next.
Any help appreciated :)
Hello,
I’m getting the error message due to a duplicate. The certificates are exactly the same, so that doesn’t seem to be the problem.
Regards,
Karsten
If I try to import them as CA Certificates I get the following errors
As far as I can tell the Fortigate ones match the FAZ ones so I don't think they are different.
FAZ
Fortigate
There was also an additional certificate on the FAZ with a CN=<FORTIGATESERIALNUMBER> which I imported and in addition I also exported the "Local Certificates" from the FAZ and imported them as Remote Certificates on the Fortigate which also had no effect 🥲
Hello everyone,
it’s definitely due to FortiOS 7.4.9. I downgraded to 7.4.8 and now the FortiGate connects immediately to the FortiAnalyzer Cloud.
Regards,
Karsten
If you have a support ticket with Fortinet, please share it with me. I can use your configuration to test on my FGT-100F device in the lab.
If you don’t have a ticket, could you please send your configuration to my email: bhoang@fortinet.com? I’m Bill from Fortinet, and I’d like to reproduce the issue in the lab to help identify the root cause.
Thank you.
Bill
@BillH_FTNT Sent you an email
Best regards
Karsten
Can confirm, downgrading to 7.4.8 seems to have worked (although I did need to switch to Fortigate Cloud and once connected, back to Fortianalyzer Cloud to get it to play ball)
Fortigate
FAZ
I will attempt to re-upgrade and see if the problem re-occurs when it won't annoy the office 🥲;)
Upgrading to 7.4.9 restored the issue, currently back on 7.4.8
Can confirm upgrading from 7.4.8 to 7.4.9 killed FortiAnalyzer Cloud.
Downgrading (again) to 7.4.8 restored connection.
Looks like it's an issue with 7.4.9 here also.
Hi All,
I noticed that our Engineering team is currently investigating an issue quite similar to the one you reported. However, there’s no conclusion yet, so I’m unable to share any results at this time. I’ll provide updates as soon as more information becomes available.
In the meantime, if you're able to run a quick test (just a test), could you please try configuring the minimum SSL protocol used in FortiOS 7.4.9 to ensure that TLSv1.3 is used for the connection to FMG/FAZ Cloud:
config system global
set ssl-min-proto-version TLSv1-3
end
Regards
Bill
Hello Bill,
Regarding the same issue, instead of changing the global setting, I modified the FortiAnalyzer Cloud logging configuration directly:
config log fortianalyzer-cloud setting
set status enable
set ssl-min-proto-version TLSv1-3
end
The FortiGate is now able to send logs and retrieve the FortiAnalyzer's serial number.
Thank you for your help
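To find other devices in the same state, the check below reads a FortiGate configuration backup and flags the setup reported in this thread: firmware 7.4.9, FortiAnalyzer Cloud logging enabled, and no `ssl-min-proto-version TLSv1-3`. It is an added example, not code from any poster or from Fortinet. The sample backup is constructed, and the `#config-version=` header layout and the fallback of an unset per-service value to `config system global` are assumptions.

```python
import re

# Constructed sample backup (not from the thread); the build string is a placeholder.
SAMPLE_BACKUP = """\
#config-version=FG100F-7.4.9-FW-buildXXXX-000000:opmode=0:vdom=0:user=admin
config system global
    set hostname "branch-fw"
end
config log fortianalyzer-cloud setting
    set status enable
end
"""

def parse_blocks(text):
    """Collect 'set' lines that sit directly inside each top-level config block."""
    blocks, current, depth, in_edit = {}, None, 0, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = blocks.setdefault(line[len("config "):], {})
        elif line == "end" and depth > 0:
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            in_edit = True       # table entries (policies, interfaces) are skipped
        elif depth == 1 and line == "next":
            in_edit = False
        elif depth == 1 and not in_edit and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return blocks

def audit(text):
    """Report whether a backup matches the failing setup described in the thread."""
    m = re.search(r"^#config-version=\S*?-(\d+\.\d+\.\d+)-", text, re.M)
    version = m.group(1) if m else None
    blocks = parse_blocks(text)
    faz = blocks.get("log fortianalyzer-cloud setting", {})
    proto = faz.get("ssl-min-proto-version", "default")
    if proto == "default":  # assumption: unset or "default" follows system global
        proto = blocks.get("system global", {}).get("ssl-min-proto-version", "unset")
    enabled = faz.get("status") == "enable"
    return {"version": version, "faz_cloud_enabled": enabled, "min_proto": proto,
            "needs_workaround": version == "7.4.9" and enabled and proto != "TLSv1-3"}

if __name__ == "__main__":
    print(audit(SAMPLE_BACKUP))
```

Backups normally omit values left at their defaults, so `min_proto` reads `unset` when neither block sets the option.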
Copyright 2025 Fortinet, Inc. All Rights Reserved.