Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

Log from FortiClient to FAZ 5.2.1

Hi,

 

I have some problems with viewing the logs from FortiClient on the FAZ 5.2.1 (FAZ 100C)

The submenu FortiClient is not showing up.

 

When swithing to FortiManager 5.2.1 I can see the FortiClient menu as expected.

 

Sniffing traffic shows that the Client is sending data to the FAZ.

 

Known bug ?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
9 REPLIES 9
scao_FTNT
Staff
Staff

Hi, Carl

 

Not sure if you have added that FCT registered FGT device into FAZ?

 

Thanks

 

Simon

Carl_Wallmark
Valued Contributor

Hi Simon,

 

Yes I have, the fortigate is a 200D in HA (active-passive), using FortiOS 5.2.2 and FAZ is on 5.2.1 and FCT is on 5.2.3.

All logs are working great, but the FortiClient does not show up in the Analyzer. And using the same profile but changing the IP to a fortimanager with analyzer capabilities, shows the logs as expected.

 

I created a ticket this morning but no answer yet. Im wondering if this is bug ?

 

Thanks,

 

 

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
scao_FTNT
Staff
Staff

Hi, Carl, can you send me the ticket ID? and I will have a QA to follow up your case and update using your ticket

 

Thanks

 

Simon

Carl_Wallmark
Valued Contributor

In case you didn´t get my PM:

 

Ticket: 1318755

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
scao_FTNT
Staff
Staff

Hi, Carl,

 

QA reproduced FCT log issue registered with FGT HA and issue will be fixed in 5.2.2

 

QA also tested issue you mentioned for Standalone FGT100D, v5.2.2 and with FCT v5.2.3 + FAZ-VM64 v5.2.1, which FortiClient logging is working fine, see attached pic

 

if standalone FGT100D + FCT still not working on your side, can you help to update that ticket and we may need more info from your side

 

Thanks

 

Simon

Carl_Wallmark
Valued Contributor

Hi Simon,

 

I actually deleted the PM I sent you regarding standalone and FC.

Either I missconfigured the XML file or didn´t wait long enough for the logs to arrive, it is working as expected with a standalone fortigate.

 

I guess the issue is that it can not map the Fortigate to the FortiClient due to different name schema when in HA ?

 

Do you also have ETA for FAZ 5.2.2 ?

 

Thanks

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
kelv1n

Did you get this resolved in the end? We've got a similar issue.

Carl_Wallmark
Valued Contributor

Hi,

 

Yes, it´s a bug, and will be fixed in next patch.

 

If you use a standalone firewall it works as expected, but fails in HA.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
kelv1n

Are you actually seeing any FortiClient logs arriving at the FortiAnalyzer when you go to FortiView -> Log View -> Log Browse?

 

Our issue is we use FortiManager, and Support are telling us this issue does not affect FortiManager, which I don't buy, as I can't see them having a seperate code base. I'll try switching off HA.

 

Out of curiosity, can we remove the HA non-dispruptively?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors