We have just upgraded our 100F from 7.0.17 to 7.4.9 with 7.0 going end of support.
It upgraded to 7.2 and then to 7.4
Everything seems to work fine with the exception of FortiAnalyzer Cloud. It's refusing to connect and send logs. We did upgrade the FAZ from 7.4 to 7.6.4 however it hasn't seemed to make any difference and both versions seem to support our Fortigate version. I have also removed the device and re-added it to FA Cloud still with no luck.
There's no access issues that I know of
# exec ping fortianalyzer.forticloud.com
PING fortianalyzer.forticloud.com.geo.fortinet.net (154.52.2.161): 56 data bytes
64 bytes from 154.52.2.161: icmp_seq=0 ttl=52 time=20.6 ms
64 bytes from 154.52.2.161: icmp_seq=1 ttl=52 time=20.5 ms
64 bytes from 154.52.2.161: icmp_seq=2 ttl=52 time=20.5 ms
64 bytes from 154.52.2.161: icmp_seq=3 ttl=52 time=20.5 ms
64 bytes from 154.52.2.161: icmp_seq=4 ttl=52 time=20.5 ms
--- fortianalyzer.forticloud.com.geo.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 20.5/20.5/20.6 ms
The only clue is an error with SSL
exec log fortianalyzer-cloud test-connectivity
Failed to get FortiAnalyzer Cloud's status. SSL error. (-3)
However I'm at a loss as to what to try next.
Any help appreciated :)
Solved! Go to Solution.
Hello Bill,
Regarding the same issue, instead of changing the global setting, I modified the FortiAnalyzer Cloud logging configuration directly:
config log fortianalyzer-cloud setting
set status enable
set ssl-min-proto-version TLSv1-3
end
The FortiGate is now able to send logs and retrieve the FortiAnalyzer's serial number.
Thank you for your help
Created on 10-06-2025 05:17 AM Edited on 10-06-2025 05:18 AM
Hi Bill
Just upgraded to 7.4.9 to try the above and it's now connecting.
I'm assuming that whatever mismatch in the SSL versions has been sorted on Fortis Side.
Hi @willow
I believe our engineering team is currently working on a similar issue to yours.
In the meantime, could you try the method that MT-DSG suggested above?
"
Regarding the same issue, instead of changing the global setting, I modified the FortiAnalyzer Cloud logging configuration directly:
config log fortianalyzer-cloud setting
set status enable
set ssl-min-proto-version TLSv1-3
end
The FortiGate is now able to send logs and retrieve the FortiAnalyzer's serial number.
Thank you for your help"
Regards
Bill
Hi Bill
That was the plan, however when I upgraded to 7.4.9 yesterday to try this Fortianalyzer connected first time with no issues or drama.
I can change the setting, however I don't know if it would be indicative of anything.
FORTIGATE (setting) # show full-configuration
config log fortianalyzer-cloud setting
set status enable
set ips-archive disable
set certificate-verification enable
set serial "FAZVCLTMXXXXXXX"
set preshared-key ''
set access-config enable
set enc-algorithm high
set ssl-min-proto-version default
set conn-timeout 10
set monitor-keepalive-period 5
set monitor-failure-retry-period 5
set certificate ''
set source-ip ''
set interface-select-method auto
set upload-option realtime
set priority default
set max-log-rate 0
end
I am assuming the issue was fixed somehow over the weekend.
Kind Regards
@BillH_FTNT wrote:Hi @willow
I believe our engineering team is currently working on a similar issue to yours.
In the meantime, could you try the method that MT-DSG suggested above?"
Regarding the same issue, instead of changing the global setting, I modified the FortiAnalyzer Cloud logging configuration directly:
config log fortianalyzer-cloud setting
set status enable
set ssl-min-proto-version TLSv1-3
end
The FortiGate is now able to send logs and retrieve the FortiAnalyzer's serial number.
Thank you for your help"
Regards
Bill
User | Count |
---|---|
2624 | |
1393 | |
805 | |
671 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.