Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hoyty
New Contributor

Upgrade 5.2.9 -> 5.4.3 now Fortigate can't send logs?

I upgraded from 5.2.9 -> 5.4.3 on my FortiAnalyzer and everything seemed to go fine with DB rebuild. The FG is shown under devices and appears to be detected SN, FW ver, IP, etc. However the link for logs to be forwarded seems to be broken. I feel like I am missing something simple, maybe something that needs to be re-initialized after upgrade but I can't find? Any ideas?

4 REPLIES 4
hoyty
New Contributor

I just figured it out with tech support. In 5.2 secure tunnels used ipsec, in 5.4 they use SSL. On the FG you must switch the encryption type from ipsec to ssl. Here are commands (with IP and Serial removed):

config log fortianalyzer setting (setting) # get status : enable ips-archive : enable server : FAZIP encrypt : enable psksecret : * localid : SN conn-timeout : 10 monitor-keepalive-period: 5 monitor-failure-retry-period: 5 source-ip : 0.0.0.0 upload-option : realtime reliable : enable (setting) # set encrypt disable (setting) # set enc-algorithm default (setting) # set reliable enable (setting) # show config log fortianalyzer setting set status enable set server FAZIP set localid "SN" set upload-option realtime set reliable enable end (setting) # end

 

Hopefully that helps in case anyone else runs into issue.

emnoc
Esteemed Contributor III

Yeap , you have to read the release notes ;)

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
hoyty
New Contributor

Hmm I did twice, but now that you mention it just went back and re-read. Don't know how I missed that. Further don't know why it took support multiple contacts to tell me that. Oh well.

emnoc
Esteemed Contributor III

Will that's FTNT support for you ;)

 

IIRC I remember I was bitten by this also, but a log or alert generate that it was failing due to this feature eliminations.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors