Hi all,
I am using two FortiGate 500E (HA) with firmware 6.2. When I set up FortiAnalyzer, I want to use a specified IP as source-ip, but it didn't work:

    FGT(setting) # set source-ip 192.168.1.1
    192.168.1.1 is not valid source ip.
    node_check_object fail! for source-ip 192.168.1.1
    value parse error before '192.168.1.1'
    Command fail. Return code -8

How do I set the FortiAnalyzer source-ip with FortiGate HA?
Anyone had any ideas?
thanks
There are restrictions on which address can be specified here: it needs to be a valid address assigned to an interface of the FGT. Is that true for 192.168.1.1 on your FGT?
No, 192.168.1.1 is not on the FGT. FGT is a separate VDOM; there are two IPs on it (one for master and one for slave).
So we must use the common IP as the FortiAnalyzer source-ip, and that's where I get confused.
I'm not sure that I wholly understand your problem.
When you configure a cluster to report to an FAZ, and authorize this on the FAZ, you will see 2 devices reporting. Each is identified by its serial number. But, in general, a cluster will only use one IP address. This makes sense as only the master unit will communicate with the FAZ, regardless of the HA mode (a-p or a-a).
I thought you were talking about how to substitute the cluster IP address for another address (for whatever reasons). For local-out traffic a FGT usually chooses the interface address of the interface it uses to connect to the FAZ as source address.
If that doesn't answer your question then please explain a bit further what you want to achieve.
The configuration is shown below:

    FGT_Master(global) # config system global
    FGT_Master(global) # set management-vdom MGMT

FGT_Master:

    config system interface
        edit "mgmt"
            set vdom "MGMT"
            set ip 192.168.91.21 255.255.255.0
            set allowaccess ping https ssh http
            set type physical
            set alias "HA_Dedicated_MGMT"
            set role lan
            set snmp-index 2
        next
    config router static
        edit 1
            set gateway 192.168.91.254
            set device "mgmt"
        next

FGT_Slave:

    config system interface
        edit "mgmt"
            set vdom "MGMT"
            set ip 192.168.91.22 255.255.255.0
            set allowaccess ping https ssh http
            set type physical
            set alias "HA_Dedicated_MGMT"
            set role lan
            set snmp-index 2
        next
    config router static
        edit 1
            set gateway 192.168.91.254
            set device "mgmt"
        next

The MGMT VDOM is only for management traffic. In other words, a cluster will have two IP addresses for management.
For the FortiAnalyzer setting, can only an IP in the MGMT VDOM be allowed as the source address?
It works when I use 192.168.91.21 or 192.168.91.22 as source-ip:

    FGT(setting) # set source-ip 192.168.91.21

So FAZ can only record 192.168.91.21 or 192.168.91.22 logging at the same time.
So I can't use the management-vdom's IP as the FAZ source-ip...
I have to use the IP shared by master and slave.
For local-out traffic, the FGT will use the MGMT VDOM. If you only have one interface defined in it, this will be the source address for logging traffic.
I haven't used this before but maybe this will work:
In the VDOM "MGMT", create a loopback interface (Network / Interface / Create / Type: Loopback). Assign a valid IP address to it, like 192.168.91.30/24, so that the route matches. You should then be able to specify this address as the source address on both members; in fact, after setting it on the master it should be synchronized to the slave immediately.
    FGT_Master(global) # set management-vdom MGMT

I don't quite understand. If vdom "MGMT" is set as the management-vdom, will the loopback address not synchronize to the slave?
I have tried to create a loopback address like 192.168.91.30/24, but it fails. It conflicts with the 'mgmt' subnet.
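The two errors discussed in this thread (a source-ip that is not an interface address, and a loopback subnet that overlaps the mgmt subnet) can both be predicted offline from the interface configuration of each HA member. The following Python is an added example, not code from the thread or from Fortinet: it parses `config system interface` text in the form shown above and checks a candidate source-ip and a proposed loopback subnet against it. The `port1` interface in the root VDOM and all function names are constructed assumptions; the mgmt addresses are the ones from the thread.

```python
"""Pre-check FortiGate 'set source-ip' candidates and loopback subnets
against the interface configuration of both HA members.

Constructed example; the config text mimics 'show system interface'
output. Only 'mgmt' is taken from the thread; 'port1' is an assumed,
HA-synchronized data interface added to show a shared address."""
import ipaddress
import re

MASTER_CONFIG = """
config system interface
    edit "mgmt"
        set vdom "MGMT"
        set ip 192.168.91.21 255.255.255.0
        set type physical
    next
    edit "port1"
        set vdom "root"
        set ip 10.10.10.1 255.255.255.0
        set type physical
    next
end
"""

SLAVE_CONFIG = """
config system interface
    edit "mgmt"
        set vdom "MGMT"
        set ip 192.168.91.22 255.255.255.0
        set type physical
    next
    edit "port1"
        set vdom "root"
        set ip 10.10.10.1 255.255.255.0
        set type physical
    next
end
"""

_EDIT = re.compile(r'^\s*edit\s+"?([^"\s]+)"?\s*$')
_SET_VDOM = re.compile(r'^\s*set vdom "?([^"\s]+)"?\s*$')
_SET_IP = re.compile(r'^\s*set ip (\S+) (\S+)\s*$')


def parse_interfaces(config_text):
    """Return {name: {"vdom": str, "network": IPv4Interface}} for every
    'edit' block that carries a 'set ip' line."""
    interfaces = {}
    name = None
    for line in config_text.splitlines():
        m = _EDIT.match(line)
        if m:
            name = m.group(1)
            interfaces[name] = {"vdom": None, "network": None}
            continue
        if name is None:
            continue
        if line.strip() == "next":
            name = None
            continue
        m = _SET_VDOM.match(line)
        if m:
            interfaces[name]["vdom"] = m.group(1)
            continue
        m = _SET_IP.match(line)
        if m:
            # FortiOS writes 'address netmask'; IPv4Interface accepts that form.
            interfaces[name]["network"] = ipaddress.IPv4Interface(
                f"{m.group(1)}/{m.group(2)}")
    return {n: i for n, i in interfaces.items() if i["network"] is not None}


def valid_source_ips(interfaces, vdom=None):
    """Addresses the unit will accept for 'set source-ip': its own
    interface addresses, optionally restricted to one VDOM."""
    return {str(i["network"].ip) for i in interfaces.values()
            if vdom is None or i["vdom"] == vdom}


def check_source_ip(candidate, interfaces, vdom=None):
    """Same outcome as the CLI's node_check_object test on this input."""
    return candidate in valid_source_ips(interfaces, vdom)


def shared_source_ips(master_ifs, slave_ifs):
    """Addresses present on both members, i.e. usable cluster-wide.
    The HA-dedicated mgmt addresses differ per member, so they drop out."""
    return valid_source_ips(master_ifs) & valid_source_ips(slave_ifs)


def overlapping_interfaces(proposed, interfaces, vdom):
    """Names of interfaces in `vdom` whose subnet overlaps the proposed
    loopback subnet; a non-empty result means the CLI will reject it."""
    new = ipaddress.IPv4Interface(proposed).network
    return sorted(n for n, i in interfaces.items()
                  if i["vdom"] == vdom and i["network"].network.overlaps(new))


if __name__ == "__main__":
    master = parse_interfaces(MASTER_CONFIG)
    slave = parse_interfaces(SLAVE_CONFIG)
    print("192.168.1.1 valid on master:", check_source_ip("192.168.1.1", master))
    print("shared addresses:", shared_source_ips(master, slave))
    print("192.168.91.30/24 overlaps:", overlapping_interfaces("192.168.91.30/24", master, "MGMT"))
```

Run as-is it reports that 192.168.1.1 is not a valid source-ip, that only the synchronized 10.10.10.1 is shared by both members, and that the proposed 192.168.91.30/24 loopback overlaps mgmt, which is the conflict seen above; a loopback with a /32 outside the mgmt subnet passes the overlap check.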
Hi all,
Please perform the pre-check for FortiGate to FortiAnalyzer connectivity below.
Also refer to the KB article "Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity":
https://kb.fortinet.com/k....do?externalID=FD41272
To be specific, there is no special requirement for setting up a FortiAnalyzer with FortiGate HA.
Once FortiGate firewall HA is configured on the primary unit, the secondary unit should be in sync automatically; then configure the FortiAnalyzer log settings on the primary firewall, which will be replicated to the secondary unit as well.
You can check it using the get fortianalyzer log-settings command on the primary unit:
*get fortianalyzer log-settings*
Log in to the secondary HA unit from the primary unit using the following commands:
*get system ha status*
*execute ha manage <HA ID>*
*get fortianalyzer log-settings*
Hope this helps.
Thanks