Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Bimpek
New Contributor

IP SEC Site to Site VPN & FortiAnalyzer

Hello

 

I have problem with connection to my Analyzer and Security Fabric, since i'm new in this i will try to explain best i can.

 

I have 5 devices on 3 different locations:

1. Fortigate 2x 100E in HA with firmware 6.4.0 on my hq and Forti Analyzer 200F with os 6.2.5

2. FortiGate 30E with firmware 6.2.4 on my remote site 1

3. FortiGate 30E with firmware 6.2.4 on my remote site 2

 

So first thing i'v done i connect 100E HA with 200F for log collection

Than i set up VPN site to site wizzard with FG30E on site 1 , VPN is up Fabric connection is on, my Analyzer see FG30E but log status down. I'v checked policies, and VPN polices are nat off, service set to all, and none security profiles. Routings are fine.

 

Second thing i'v done i connect remote site 2 FG30E with 100E similar as site 1. VPN Tunel is up, Fabric connection cannot connect, and Analyzer 200F dont see device , but i can ping it from console. And i'm stuck here.

 

Both side lans see my HQ Servers, communication works perfect beetwen my sites.

 

Whats the difference ?

In all casses i use VPN to comunicate only with my Servers LAN on my HQ, internet for those sites are from 2 different ISP

 

Site1 is using wan configured as PPPoE and, LAN as hardware Switch on ports 1-4. (Static route entrys are only from VPN wizzard)

 

Site2 is using wan as static ip, LAN - port1 with 2 vlan networks (VPN is from one Vlan to HQ).

In addition to site1, i need to add static route since i'm using static ip wan <0.0.0.0/0:"gateway ip":interface wan> )

 

Also i'v checked policies on my HQ 100E, and everything is as it should be acording to coockbooks, tutorials etc.

 

Can You please help me, what i'm missing ?

1 REPLY 1
Bimpek
New Contributor

Sorry if i write like insane it's not my mother language.

 

So what i have done, i try console comand on my FG30E site2

 

config log fortianalyzer setting

set source-ip to my vlan int ip and now forti analyzer add this device.

 

So one problem is behind me.

 

Still i have problem with connecting to security fabric to my FG100E from Site2.

Fortianalyzer show me "log status of" on my site1 and site2 FG.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors