Log from FortiClient to FAZ 5.2.1

Carl_Wallmark · ‎02-01-2015

Hi,

I have some problems with viewing the logs from FortiClient on the FAZ 5.2.1 (FAZ 100C)

The submenu FortiClient is not showing up.

When swithing to FortiManager 5.2.1 I can see the FortiClient menu as expected.

Sniffing traffic shows that the Client is sending data to the FAZ.

Known bug ?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

scao_FTNT · ‎02-02-2015

Hi, Carl

Not sure if you have added that FCT registered FGT device into FAZ?

Thanks

Simon

Carl_Wallmark · ‎02-02-2015

Hi Simon,

Yes I have, the fortigate is a 200D in HA (active-passive), using FortiOS 5.2.2 and FAZ is on 5.2.1 and FCT is on 5.2.3.

All logs are working great, but the FortiClient does not show up in the Analyzer. And using the same profile but changing the IP to a fortimanager with analyzer capabilities, shows the logs as expected.

I created a ticket this morning but no answer yet. Im wondering if this is bug ?

Thanks,

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

scao_FTNT · ‎02-02-2015

Hi, Carl, can you send me the ticket ID? and I will have a QA to follow up your case and update using your ticket

Thanks

Simon

Carl_Wallmark · ‎02-02-2015

In case you didn´t get my PM:

Ticket: 1318755

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

scao_FTNT · ‎02-04-2015

Hi, Carl,

QA reproduced FCT log issue registered with FGT HA and issue will be fixed in 5.2.2

QA also tested issue you mentioned for Standalone FGT100D, v5.2.2 and with FCT v5.2.3 + FAZ-VM64 v5.2.1, which FortiClient logging is working fine, see attached pic

if standalone FGT100D + FCT still not working on your side, can you help to update that ticket and we may need more info from your side

Thanks

Simon

Carl_Wallmark · ‎02-04-2015

Hi Simon,

I actually deleted the PM I sent you regarding standalone and FC.

Either I missconfigured the XML file or didn´t wait long enough for the logs to arrive, it is working as expected with a standalone fortigate.

I guess the issue is that it can not map the Fortigate to the FortiClient due to different name schema when in HA ?

Do you also have ETA for FAZ 5.2.2 ?

Thanks

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

kelv1n · ‎02-14-2015

Did you get this resolved in the end? We've got a similar issue.

Carl_Wallmark · ‎02-15-2015

Hi,

Yes, it´s a bug, and will be fixed in next patch.

If you use a standalone firewall it works as expected, but fails in HA.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

kelv1n · ‎02-16-2015

Are you actually seeing any FortiClient logs arriving at the FortiAnalyzer when you go to FortiView -> Log View -> Log Browse?

Our issue is we use FortiManager, and Support are telling us this issue does not affect FortiManager, which I don't buy, as I can't see them having a seperate code base. I'll try switching off HA.

Out of curiosity, can we remove the HA non-dispruptively?

Log from FortiClient to FAZ 5.2.1

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website