Mandalorian
New Contributor III

FortiIsolator add to FAZ

I have a FortiIsolator in version 2.4.7 build 1120. I'm trying to hook it up to my FAZ in version 7.2.10 build 1682, but I'm having problems after hooking the device up to the FortiAnalyzer.

Below are the tests already done:

- Release compatibility between products (matrix rules). OK

- Firewall policies enabled via the FortiGate under my management, traffic OK. Enabled protocols list: ICMP, UDP/514 and TCP/514. OK

- Routing between FAZ and FortiIsolator: ping OK. Routing is managed by my FortiGate, where the above policies are also present. OK

- FortiIsolator setting under LOG -> REMOTE SERVER

Fault description

See below the hook from FAZ to FortiIsolator and the error found

Is it possible that I'm doing something wrong, or maybe the connection with FortiIsolator has to be done differently than with the classic FortiGate?

Thanks in advance!

 

AEK
SuperUser

Hi Mandalorian

 

When you add a syslog device you don't add it this way.

Once you configure the device to send syslogs to FAZ, and once FAZ starts to receive the first log, you should see a new alarm in FAZ's top-right corner.

Click on the alarm to authorize the device, then go to the Unauthorized Devices menu to complete the process.

Once done you can see the logs in the log view section.

 

This is the way.

AEK
Mandalorian
New Contributor III

Hi AEK,

We tried the procedure you recommended and generated event logs, but on our FAZ we don't find any notifications on the root vdom under unauthorized devices.
Is it possible that I'm doing something wrong with the FortiIsolator configuration under LOG -> REMOTE SERVER?
If you have any suggestions, we're ready to test them.

I would like to add that the IP set on the FortiIsolator is related to the VIP of the interfaces between the two FAZs (HA type is active-passive).

Thanks in advance!

AEK

Hi Mandalorian

Use the following command on FAZ to check if it is receiving syslog messages from FIS.

diag sniffer packet any 'host x.x.x.x' 4

Where x.x.x.x is FIS' IP.

This is the way

AEK
filiaks1
Contributor II

So, as @AEK mentioned, this is like adding a third-party device: Technical Note: How to add a third party ... - Fortinet Community

VinayHM
Staff

Authorize the device

Vinay HM