Forcing it...
System - Feature Visibility: Local Out Routing (Enable)
Security Fabric - Fabric Connectors - Logging & Analytics - Edit settings, and enable/configure FortiAnalyzer, it won't connect, can't get the serial number.
Network - Local Out Routing - Edit Log FortiAnalyzer Setting to specify an interface you could ping the FortiAnalyzer from and forcing a source-ip...
Validating with "get log fortianalyzer setting" shows it's using the correct port and the source-ip is correct...
Take a sniffer by executing the following command: "di sniffer packet any 'host x.x.x.x and port 541'", where x.x.x.x is the IP of the FortiAnalyzer. We want to verify they are talking back and forth properly with your current settings.
Thanks for the answer and guidance. I'll So, at first I tried the basics with the sniffer...
FortiAnalyzerVM 192.168.1.50: sniff anything from FortigateVM, ping, and confirm it works.
FortigateVM 10.0.1.50: exec ping-options source 10.0.1.50, sniff anything from FortiAnalyzerVM, ping, and it works. (With the ping-options source parameter, more on that later).
Keep sniffing everything (not just port 541) from one another, and from the FortiAnalyzerVM, "add device" by adding the FortigateVM with the serial number: Answer "Device is added successfully."
There is no traffic at all between the two.
Just for fun, locally, I nmap (scan) the FortiAnalyzerVM ports, and 541 and 514 were closed. But the local Fortigate200F is working even without that.
So, I have changed the port configuration on the FortiAnalyzerVM to allow "Web Service" and "FortiManager".
Now, local network nmap FortiAnalyzerVM 192.168.1.50, ports 541 and 514 are now open. Same for remote network nmap from the network 10.0.1.x, ports 541 and 514 are now open.
Maybe it's a bug, I have a feeling that the FortigateVM does not follow its own config to force the connection from the source-ip parameter. Because it's using only the current routing tables, it won't work, just like the ping without the "ping-options source" option.
get log fortianalyzer setting
FortigateVM # get log fortianalyzer setting
status : enable
ips-archive : enable
server : 192.168.1.50
...
source-ip : 10.0.1.50
interface-select-method: specify
interface : port2