Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
How do you change the interface that your firewall appliance uses to log (send) traffic to a FortiAnalyzer appliance? Mine is currently trying to use my Internet (first physical interface). Can you change this?

If you're in a multi-wan scenario, maybe you'll need policy routes to reach your FAZ using the interface you want. Under 4.3.x FortiOS you have a new CLI command to control that:

    config log fortianalyzer setting
        set source-ip <address_ipv4>
    end

However, by your signature you're running 4.1.x. Under such a scenario you could try to force the interface on which your 1000A will detect your FAZ by using FDP protocol:

    config log fortianalyzer setting
        set fdp-interface <interface>
    end

regards
/ Abel
If the FAZ is in the routing table, there shouldn't be an issue, but are you sure the FAZ default gateway is set correctly? I've seen very weird things when the gateway is not set on the analyzer. You can rule out some of the above with pings between the 2 devices, and using the interface that you have configured (FGT>>>FAZ or FAZ>>>FGT). Also, if you have the FAZ behind any FWs, make sure the fwpolicies are correct.
PCNSE
NSE
StrongSwan