Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
andrei
New Contributor

How to connect 3 Fortigate to 1 FortiAnalyzer

Hi all, I have 6 Fortigate 60C connected through VPN with one Fortigate 1000C. I would like to set logs & reports for all those devices to be sent to our FortiAnalyzer 1000C. I want to know if it is possible or not and also how to solve out that issue " Cannot connect to the FortiAnalyzer" . Regards,
Network & System Engineer OLAM GABON SA
Network & System Engineer OLAM GABON SA
4 REPLIES 4
sonay
New Contributor

Hi! Check this via the CLI on your Fortigate. config log fortianalyzer setting set source-ip <address_ipv4> Under source-ip you should enter your WAN IP. Regards Attila
Dave_Hall
Honored Contributor

Hi Andrei. Just to be clear -- these six Fortigates are connected via VPN to a " main" Fortigate 1000C and the FortiAnalyzer 1000C is located where? -- on the same network as the Fortigate 1000C? If the FortiAnalyzer device doesn' t have an " outside" IP for these six Fortigate to connect to, then you will likely need to set up a route policy or static route directing these Fortigates to use the VPN tunnel, to reach the FortiAnalyzer. Make sure the FortiAnalyer is allowing these Fortigates to connect. (Global ADOM/-> " Devices/All Devices/Unregistered Options" .) See if you can ping the FortiAnalyer' s IP address from each Fortigate.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
andrei
New Contributor

I have chekched via the CLI and configure the fortiAnalyzer log but I am still getting the same error message : " Cannot connect to the FortiAnalyzer" . I am just able to connect one Fortigate to the FortiAnalyzer.
Network & System Engineer OLAM GABON SA
Network & System Engineer OLAM GABON SA
ribok
New Contributor

Hi! Check this via the CLI on your Fortigate. diag sniffer packet any ' port 514' Then you see from which ip FGT sends packet You should set source-ip your ip-interface which is permitted to connection via vpn ( branches )
Labels
Top Kudoed Authors