MConrad
New Contributor

FortiAnalyzer connectivity on FortiGate inside VRF

Hi everyone,

 

currently dealing with the following scenario: we're sending logs from a remote FortiGate to a centrally-hosted FortiAnalyzer via S2S VPN. Source interface on the FortiGate for logging is set to a loopback interface (via "set source-ip" command) - this is working perfectly fine.

Now we would like to transfer that communication into a dedicated VRF on the remote FortiGate so routing and IP addressing for the management/logging tunnel is completely separate from production routing. In order to reach that goal we have moved the tunnel interface and the loopback interface into its own VRF (7). As soon as we do that, logging to the FortiAnalyzer isn't working anymore. We also tried setting "interface-selection-method" and "interface" inside "config log fortianalyzer" config to no avail.

 

Has anyone got this to work by chance?


Best regards,

Max

 

 

 

3 REPLIES
czamudio
Staff

Hi, can you ping from the root VDOM?

Try to debug the flow into FortiAnalyzer.

 

Cuauhtemoc Zamudio Technical Support Engineer – LATAM ETAC M-F 09:00-18:00 Hrs. Central Time T: +1 408-542-7780
MConrad

Hi, yes, ping works fine (if I set "execute ping-options source <Loopback-IP>") and "debug flow" looks fine there as well.

 

I can't see any syslog going out to the FortiAnalyzer in "debug flow" as if it wasn't even trying (when dedicated VRF is being used).

czamudio

Need to open a ticket.
