Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
viniciusm
New Contributor

Created on ‎09-08-2022 08:23 AM Edited on ‎09-08-2022 08:25 AM

Fortigate HA Pair Syslog TCP TLS - Main node lose connection

Hello Everyone,

 

I'm having issues to receive logs from one of the Fortigate pair (the main one FTG01) via TCP TLS. I'm using a filebeat TCP input to receive these logs.

 

For some reason the FTG01 lose the connection with this input and it doesn't able to connect again, I only be able to receive the logs from the other FTG02, that doesn't lose the connection.

 

The logs only return after changing the syslog forwarding configuration, e.g. change the destination port to another and return it back.

 

Anyone had this issue before? Any ideas why it happening? Using TCPDUMP/Netstat , I only be able to see 1 single connection to my VM (which is the FTG02), I can't see attempts or failed connections.

 

Thanks

Labels:
171
0 Kudos
1 REPLY 1
gfleming
Staff
Staff

Created on ‎09-09-2022 09:19 PM

Is this active/passive configuration? Does it make a difference if FGT01 is master or slave?

Cheers,
Graham
137
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.