Fortigate cannot send logs to second FAZ

aagrafi · ‎07-21-2018

Hello,

I deployed a second FAZ in my network and and after I added a FortiGate I noticed that it cannot send logs. The FortiGate was working for a couple of years with the first FAZ with no problem. However when configured fortianazer2 and added the FG to FAZ, the FG appears in the device manager but with the red spot indicating that no logs have received from that FG.

A second FG that I added is sending logs OK.

Can you tell me possible causes for the FG not been able to send logs to the second FAZ and where to look and fix them?

Thanks

Nicholas_Doropoulos · ‎07-22-2018

Hello,

There are two methods of registering a Fortigate to a FortiAnalyser. Would you mind sharing with us which one you used?

Are both devices in the same subnet? Can they ping one another?

Thanks.

NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3

brazz_FTNT · ‎07-23-2018

Hey,

Can you also send us the result of below commands:

get system status (on both FAZ and FGT)

config log fortianalyzer setting (On the FGT side)

get

config log fortianalyzer2 setting (On the FGT side)

get

Thanks

simonw · ‎08-03-2018

It might be that you have to specifically set which "source IP" the Fortigate should use to reach the FAZ.

See below from my FW config at home.

config log fortianalyzer setting set status enable set server "10.10.10.35" set source-ip "100.100.100.1" set upload-option 1-minute set reliable enable

Hope this is of any help.

Fortigate cannot send logs to second FAZ

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website