Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lopri1
New Contributor

FAZ Secure Connections

My secure connections seem to be all over the place. Up then down. Is this normal? I just setup 400+ and am thinking I may have made a wrong decision. Anyone have a similar problem or fix? Respectfully.... Richard
Richard
Richard
4 REPLIES 4
cgofish
New Contributor

Just had to deal with this as well. On the FAZ it uses the FGT serial # as the ID by default. Check Secure Connection Add the PSK On the FGT: config log fortianalyzer setting set status enable set server 6.6.6.6 set encrypt enable set psksecret MatchingPSK set localid " FWF60C3G99999999" end My Faz was reporting UDP 500 as unreachable for some reason - reboot corrected that.
AtiT
Valued Contributor

Hi, I do not have the " psksecret" option on my FGT80C v5.0.7. Did I missed something in the configuration? LAB_LUX (setting) # set status Enable/disable FortiAnalyzer. ips-archive Enable/disable IPS packet archive. *server IP address of the remote FortiAnalyzer. enc-algorithm Enable/disable sending of FortiAnalyzer log data with SSL encryption. localid Local ID for IPsec tunnel to FortiAnalyzer. conn-timeout FortiAnalyzer connection time-out in seconds (for status and log buffer). monitor-keepalive-period Time between OFTP keepalives in seconds (for status and log buffer). monitor-failure-retry-period Time between FortiAnalyzer connection retries in seconds (for status and log buffer). source-ip Source IP address of FortiAnalyzer. upload-option Enable/disable logging to hard disk and then upload to FortiAnalyzer. reliable Enable/disable reliable logging to FortiAnalyzer. LAB_LUX (setting) #

AtiT

AtiT
cgofish
New Contributor

Forgot a hidden/default command: set enc-algorithm disable ....which seems to not make sense but it then allows you to set the remaining commands. config log fortianalyzer setting set status enable set server 6.6.6.6 set enc-algorithm disable set encrypt enable set psksecret MatchingPSK set localid " FGT60C99999999" set upload-option realtime set reliable enable end
AtiT
Valued Contributor

It works. Thank you!

AtiT

AtiT
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors