I noticed that when I enable "Security Fabric" on my fortigate, the ability to set a syslog server via the GUI goes away. However, I can still set the syslog for cli. I'm assuming that when I enable the fabric that all logs are now sent to the FAZ. If my thinking is not correct, could someone please enlighten me.
If that thinking is correct, is it better to forward logs from the FAZ to another syslog server of from the FGT via the CLI?
I did not test, but it seems you have this setup done: does the (log sending to) syslog stop woking in FortiGate with Security Fabric?
Considering the FortiGate sends logs to FAZ and Syslog, I expect the log traffic to double, and the workload on FortiGate to be increased. If by 'better' you mean to lower resource usage on FortiGate, then yes. Otherwise, if your FAZ is working at the limit, I guees FortiGate can take the responsibility. I guess it all depends on the devices.
User | Count |
---|---|
1954 | |
1146 | |
770 | |
447 | |
296 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.