Hello,
I deployed a second FAZ in my network and and after I added a FortiGate I noticed that it cannot send logs. The FortiGate was working for a couple of years with the first FAZ with no problem. However when configured fortianazer2 and added the FG to FAZ, the FG appears in the device manager but with the red spot indicating that no logs have received from that FG.
A second FG that I added is sending logs OK.
Can you tell me possible causes for the FG not been able to send logs to the second FAZ and where to look and fix them?
Thanks
Hello,
There are two methods of registering a Fortigate to a FortiAnalyser. Would you mind sharing with us which one you used?
Are both devices in the same subnet? Can they ping one another?
Thanks.
NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
Hey,
Can you also send us the result of below commands:
get system status (on both FAZ and FGT)
config log fortianalyzer setting (On the FGT side)
get
config log fortianalyzer2 setting (On the FGT side)
get
Thanks
It might be that you have to specifically set which "source IP" the Fortigate should use to reach the FAZ.
See below from my FW config at home.
config log fortianalyzer setting set status enable set server "10.10.10.35" set source-ip "100.100.100.1" set upload-option 1-minute set reliable enable
Hope this is of any help.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.