Hi
I have a fortigate 40F that is having problems communicating with the fortianalyser. When I perform a connectivity test I receive the "Unauthorized" message. I have already added the device to Fortianalyser.
The output of the "exec log fortianalyzer test-connectivity" command displays:
Failed to get FAZ's status. Authentication Failed. (-19)
The OFTPD debug in fortianalyser:
diag debug app oftpd 8 x.x.x.x
diag debug timestamp enable
diag debug enable
[OFTP_try_accept_SSL_connection:1831 x.x.x.x] SSL clienthello incoming on sockfd[56]
[OFTP_SSL_CTX_dft:1240 x.x.x.x] dft-idx=0 inited=1.
[__create_ssl_context:1666 x.x.x.x] SSL socket[56] pid[1846] ssl[0x15b7a60] SSL_new() success.
[__SSL_info_callback:301] before SSL initialization
[__SSL_info_callback:301] before SSL initialization
[server_sni_cb:1255] server_sni_cb(): sni='0x1434250/fortinet-ca2.fortinet.com'
[server_sni_cb:1269] -- SSL server got SNI: 'fortinet-ca2.fortinet.com', SSL_CTX located: 0xd963f0, idx=0
[__SSL_info_callback:301] SSLv3/TLS read client hello
[__SSL_info_callback:301] SSLv3/TLS write server hello
[__SSL_info_callback:301] SSLv3/TLS write change cipher spec
[__SSL_info_callback:301] TLSv1.3 write encrypted extensions
[__SSL_info_callback:301] SSLv3/TLS write certificate request
[__SSL_info_callback:301] SSLv3/TLS write certificate
[__SSL_info_callback:301] TLSv1.3 write server certificate verify
[__SSL_info_callback:301] SSLv3/TLS write finished
[__SSL_info_callback:301] TLSv1.3 early data
.
.
.
.
.
2023-10-26 08:11:10 [check_close_conn:3180 x.x.x.x] Warn Close the connection as the device was deleted.
2023-10-26 08:11:10 [oftpd_close_session:869 x.x.x.x] Client connection closed. Reason 0(OK)
2023-10-26 08:11:10 [OFTP_ssl_shutdown:2016 x.x.x.x] SSL pid[1846] ssl[0x140d210] shutting down sockfd[56] ip[192.168.14.254] connected[1]
2023-10-26 08:11:10 [OFTP_ssl_shutdown:2029 x.x.x.x] SSL_shutdown Error. SSL_get_error[1]
2023-10-26 08:11:10 [OFTP_ssl_shutdown:2032] Error error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
2023-10-26 08:11:10 [OFTP_destroy_SSL_context:2043 x.x.x.x] SSL socket[56] pid[1846] ssl[0x140d210] destroy_SSL_context
2023-10-26 08:11:10 [check_close_conn:3180 x.x.x.x] Warn Close the connection as the device was deleted.
2023-10-26 08:11:10 [oftpd_close_session:869 x.x.x.x] Client connection closed. Reason 0(OK)
2023-10-26 08:11:10 [OFTP_ssl_shutdown:2016 x.x.x.x] SSL pid[1846] ssl[0x17564d0] shutting down sockfd[55] ip[x.x.x.x] connected[1]
I had to run the "diagnose system fsck harddisk" command two days ago, I don't know if this has anything to do with the problem.
Fortigate: Version: FortiGate-40F v6.4.8,build1914,211117 (GA)
FortiAnalyser: Version : v7.4.1-build2308 230831 (GA)
thanks
Solved! Go to Solution.
Hi @mateusguilherme,
Has it worked before? Can you collect debugs on FortiGate as well? Please refer to this article to collect debugs and confirm MTU size: https://community.fortinet.com/t5/FortiAnalyzer/Troubleshooting-Tip-FortiGate-to-FortiAnalyzer-conne...
Regards,
Hi @mateusguilherme,
Has it worked before? Can you collect debugs on FortiGate as well? Please refer to this article to collect debugs and confirm MTU size: https://community.fortinet.com/t5/FortiAnalyzer/Troubleshooting-Tip-FortiGate-to-FortiAnalyzer-conne...
Regards,
Very strange. I opened Putty and started following the steps described in session 5 and mysteriously it started working again. I didn't understand what happened. Anyway, thank you very much for the reading suggestion.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.