Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
5q46n2te8jPWJY
New Contributor III

Connect Fortigate to a remote FortiAnalyzer

Hello,

 

I'm trying to connect my FortiGate to FortiAnalyzer.

 

Diagramme sans nom.drawio2.png

My FortiAnalyzer(10.10.0.3) VM is in VLAN 10, directly connected to FortiGate A (10.10.0.254). I successfully connected FortiGate A to FortiAnalyzer.

 

My problem is with FortiGate B. I created an IPsec tunnel between FortiGate A and FortiGate B and created rules (any to any) to allow traffic between VLAN 10 (A) and VLAN 40 (B), but I can't contact FortiAnalyzerfrom FortiGate B (10.40.0.254).

 

On Fortigate B, if I want to ping FortiAnalyzer, I have to execute ping-options source 10.40.0.254. If I don't, it don't ping...

 

Do you have any ideas?

 

Thanks  ! 

1 Solution
ozkanaltas
Valued Contributor II

Hello @5q46n2te8jPWJY ,

 

Did you try to configure the source IP address on the FortiAnalyzer configuration? 

 

config log fortianalyzer setting
set source-ip 10.40.0.1
end

 

And also can you see 514 packages on FortiGate A? 

 

You can check that with this command. 

 

diagnose sniffer packet <IPSEC_NAME> 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
2 REPLIES 2
ozkanaltas
Valued Contributor II

Hello @5q46n2te8jPWJY ,

 

Did you try to configure the source IP address on the FortiAnalyzer configuration? 

 

config log fortianalyzer setting
set source-ip 10.40.0.1
end

 

And also can you see 514 packages on FortiGate A? 

 

You can check that with this command. 

 

diagnose sniffer packet <IPSEC_NAME> 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
5q46n2te8jPWJY

You rock ! 

 

Setting source IP did the trick.

 

Have a nice day !

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors