Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yeowkm99
Contributor

Created on ‎11-27-2023 06:47 PM

TCP port 514 in FortiAnalyzer

During a recent VAPT security scanning, TCP port 514 was flagged out to be have weak SSL cert.

The recommendation was to get a propert SSL certificate for the appliance.

Can we disable port 514 on the Analyzer ?

my firmware version is 6.4.10. will upgrade to version 7.2 soon.

 

Contact the Certificate Authority to have the certificate reissued.
Purchase or generate a proper certificate for this service.
Labels:
773
0 Kudos
1 Solution
Debbie_FTNT
Staff
Staff

Created on ‎11-28-2023 12:50 AM

You can generate a certificate via Let's Encrypt for example, and use that instead (replace the server certificate in FortiAnalyzer system settings):

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/718606/provision-a-trusted-certificate-...

-> the guide is for FortiGate, but generating the certificate is very similar on FortiAnalyzer

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

View solution in original post

740
4 REPLIES 4
srajeswaran
Staff
Staff

Created on ‎11-27-2023 08:48 PM

TCP port 514 on Fortianalyzer is used by fortigates to connect and send logs, unfortunately we cannot disable that.

https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/766616/fortianalyzer-open-por...

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

754
Debbie_FTNT
Staff
Staff

Created on ‎11-28-2023 12:50 AM

You can generate a certificate via Let's Encrypt for example, and use that instead (replace the server certificate in FortiAnalyzer system settings):

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/718606/provision-a-trusted-certificate-...

-> the guide is for FortiGate, but generating the certificate is very similar on FortiAnalyzer

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
741
Edu_Master
New Contributor

Created on ‎03-19-2024 12:55 AM

Hello guys!

 

I'm trying to understand why my hosts conected to fortiEMS keep sending this logs to Fortianalyzer.

Can someone help me understand that, please!?

 

Captura de ecrã 2024-03-19 084844.png

276
0 Kudos
ozkanaltas
Contributor III
In response to Edu_Master

Created on ‎03-19-2024 01:20 AM

Hello @Edu_Master ,

 

If you configured "Upload Logs to FortiAnalyzer/FortiManager" in the endpoint profiles-> system settings. Your client wants to send their log to Fortianalyzer.

 

You can find more information about in this link.

 

https://docs.fortinet.com/document/forticlient/7.2.4/ems-administration-guide/107284/system-settings

 

 

image.png

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
270
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.