Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Can't connect FGT to FAZ
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can't connect FGT to FAZ
Hi Guys,
Can't connect FGT (ver:6.0.5) to FAZ (ver: 6.2.1 FortiAnalyzer), connectivity test fails;
FGT been added to FAZ devices;
exec log fortianalyzer test-connectivity Failed to get FAZ's status. SSL error. (-3)
Capture shows that FAZ sending RST back to FGT:
66.345323 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: syn 1195392681 66.345952 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: syn 1231566839 ack 1195392682 66.346003 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: ack 1231566840 66.346728 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: psh 1195392682 ack 1231566840 66.346857 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: psh 1231566840 ack 1195392682 66.346885 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: ack 1231567207 66.346990 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: ack 1195392843 66.347044 port10 out 172.16.102.248.13765 -> 172.16.102.247.541: psh 1195392843 ack 1231567207 66.347382 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: ack 1195392850 67.349171 port10 in 172.16.102.247.541 -> 172.16.102.248.13765: rst 1231567207 ack 1195392850 << FAZ sending RST
Debug messages:
FortiGate-VM64 # diagnose debug enable FortiGate-VM64 # diagnose debug application miglogd -1 Debug messages will be on for 30 minutes.
FortiGate-VM64 # <158> _rmt_connect()-1289: oftp_connect(global-faz) failed: ssl_connect() failed: 5. <124> _rmt_connect()-1289: oftp_connect(global-faz) failed: ssl_connect() failed: 5. <158> __handle_logs()-1236: 1212 bytes received <158> send_report_log_buffer()-73: Fail to sent logs to reportd. err:111(Connection refused) <124> __check_vdom_disk_usage()-2508: vfid:0 vd quota:100 total used:0
<158> __handle_logs()-1236: 2328 bytes received <158> _rmt_connect()-1289: oftp_connect(global-faz) failed: ssl_connect() failed: 5. <124> _rmt_connect()-1289: oftp_connect(global-faz) failed: ssl_connect() failed: 5.
Any idea?
Thank you for your input and help!
Solved! Go to Solution.
48386
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi guys,
i am having the same issue with my lab on VM workstation, with the same error message.
but now it is solved for me.
this is my config :
on Fortigate :
FortiGate-VM64-1 # config log fortianalyzer setting
FortiGate-VM64-1 (setting) # set status enable
FortiGate-VM64-1 (setting) # set server 172.16.10.250
FortiGate-VM64-1 (setting) # set reliable enable
FortiGate-VM64-1 (setting) # get status : enable ips-archive : enable server : 172.16.10.250 certificate-verification: enable serial : access-config : enable enc-algorithm : low ssl-min-proto-version: default conn-timeout : 10 monitor-keepalive-period: 5 monitor-failure-retry-period: 5 certificate : source-ip : upload-option : 5-minute reliable : enable
on FAZ:
FAZVM64 # config system global
(global)# set enc-algorithm low
(global)# set ssl-low-encryption enable
(global)# set oftp-ssl-protocol tlsv1.0
(global)# end enc-algorithm setting change will cause all existing FGFM tunnel/WebService connection reset. Do you want to continue? (y/n)y
killall: fgfmsd: no process killed killall: fgfmsd: no process killed
FAZVM64 #
i hope this work with you ,, ;)
Thank You
regards
Genar
17 REPLIES 17
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you have Encryption enabled in the Fortigate where the connection to the FAZ is specified? I had a similar issue after I upgraded our FAZ to v6.2 and that was the solution for my scenario:
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi guys,
I have a ticket open for similar issues (ticket 3438751).
In my case connection is fine initially and logs are reported into FAZ. Then after a period of hours (12 or so) the logging stops and the the Fortigate shows as "disconnected" from the FAZ.
I also can't get the "connectivity test" to work and am seeing "unable to retrieve FortiAnalyzer serial number" messages from GUI too. I'm running 6.2.1 on the Fortigate.
So far support have acknowledged that the FAZ is sending resets and are investigating further. They have also created a similar ticket to investigate from the Fortigate perspective.
In my case I have encryption enabled so doesn't seem to be related to that.
If I get any interesting updates I'll add them to the thread.
Kind Regards,
Andy.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much Andy! appreciate your help!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In our FG200E config backup, the settings show as follows:
config log fortianalyzer setting set status enable set server "10.x.y.z" set enc-algorithm high-medium set upload-option 1-minute set reliable enable end
So the thing that I notice there is the encoding algorithm set to high-medium instead of low.
If that's not it, then I don't know what else to suggest, so maybe you'll need to let Fortigate Support figure it out.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you Stephen!
in FGT Firmware v6.0.5 build0268 (GA) under:
"config log fortianalyzer setting" there is only "low" option
FortiGate-VM64 (setting) # set enc-algorithm ? low Encrypt logs using all encryption algorithms.
Still doesn't work
Thanks,
Igor
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi guys,
i am having the same issue with my lab on VM workstation, with the same error message.
but now it is solved for me.
this is my config :
on Fortigate :
FortiGate-VM64-1 # config log fortianalyzer setting
FortiGate-VM64-1 (setting) # set status enable
FortiGate-VM64-1 (setting) # set server 172.16.10.250
FortiGate-VM64-1 (setting) # set reliable enable
FortiGate-VM64-1 (setting) # get status : enable ips-archive : enable server : 172.16.10.250 certificate-verification: enable serial : access-config : enable enc-algorithm : low ssl-min-proto-version: default conn-timeout : 10 monitor-keepalive-period: 5 monitor-failure-retry-period: 5 certificate : source-ip : upload-option : 5-minute reliable : enable
on FAZ:
FAZVM64 # config system global
(global)# set enc-algorithm low
(global)# set ssl-low-encryption enable
(global)# set oftp-ssl-protocol tlsv1.0
(global)# end enc-algorithm setting change will cause all existing FGFM tunnel/WebService connection reset. Do you want to continue? (y/n)y
killall: fgfmsd: no process killed killall: fgfmsd: no process killed
FAZVM64 #
i hope this work with you ,, ;)
Thank You
regards
Genar
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
////////////////////////////////////////////////////////////////////////////
Genar! Thank you so much! It works!
Have to tell you, I spent some quality time trying to figure out!
Best regards,
Igor
////////////////////////////////////////////////////////////////////////////
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Our Analyzer is on 6.2.1, upgrade was done a few weeks ago. All 6 FortiGates logs were logging fine after the upgrade and all encrypted.
Extended the Analyzer's disk this morning as we needed more space, then after reboot of Analyzer logging stopped from one Gate. Rest still logging fine, all Gates are on 6.05
Connectivity Test:
XXXXXXW01 (global) # exec log fortianalyzer test-connectivity FortiAnalyzer Host Name: FortiAnalyzer FortiAnalyzer Adom Name: root FortiGate Device ID: FGTXXXXXXXXXX Registration: registered Connection: allow Adom Disk Space (Used/Allocated): 1376642217450B/2684354560000B Analytics Usage (Used/Allocated): 1051806966946B/1879048192000B Analytics Usage (Data Policy Days Actual/Configured): 59/90 Days Archive Usage (Used/Allocated): 324835250504B/805306368000B Archive Usage (Data Policy Days Actual/Configured): 365/365 Days Log: Tx & Rx (log not received) IPS Packet Log: Tx & Rx Content Archive: Tx & Rx Quarantine: Tx & Rx
FG log settings:
enc-algorithm: high ssl-min-proto-version: default conn-timeout: 10 monitor-keepalive-period: 5 monitor-failure-retry-period: 5 certificate: source-ip : 10.1.200.254 upload-option: realtime reliable : enable Ex(Setting) # show config log fortianalyzer setting set status enable
set server "10.1.210.2" set source-ip "10.1.200.254" set upload-option realtime
set reliable enable end
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
genar wrote:Worked like a charm!on Fortigate :
FortiGate-VM64-1 # config log fortianalyzer setting
FortiGate-VM64-1 (setting) # set reliable enable
on FAZ:
FAZVM64 # config system global
(global)# set enc-algorithm low
(global)# set ssl-low-encryption enable
(global)# set oftp-ssl-protocol tlsv1.0
Thx
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- inter vdom from NAT vdom to... 73 Views
- Problem with VPN autoconnect 101 Views
- Ask - Use Fortigate - Web... 68 Views
- FG30E - restrict youtube not working 97 Views
- manual SFTP back up failed 102 Views
Labels
-
FortiGate
8,527 -
FortiClient
1,724 -
5.2
801 -
FortiManager
718 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
463 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
310 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
225 -
FortiWeb
201 -
5.0
196 -
IPsec
192 -
FortiNAC
181 -
FortiGuard
136 -
6.4
128 -
SD-WAN
112 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
85 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
74 -
4.0MR3
64 -
FortiProxy
59 -
High Availability
54 -
Fortivoice
53 -
FortiADC
53 -
FortiEDR
51 -
vlan
48 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
41 -
DNS
41 -
BGP
40 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
34 -
Authentication
33 -
NAT
32 -
SSO
31 -
Interface
31 -
RADIUS
30 -
FortiConnect
28 -
FortiLink
27 -
FortiWAN
26 -
VDOM
26 -
Web profile
26 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
FortiPAM
22 -
Virtual IP
22 -
SSL SSH inspection
21 -
Fortigate Cloud
20 -
FortiPortal
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
Intrusion prevention
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1666 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.