FortiGate
Kush_Patel
Staff
Article Id 287314
Description

This article describes how to enable the FortiAnalyzer Cloud option for logging on the FortiGate.

Even though FortiAnalyzer Cloud entitlement is included in the license, the FortiAnalyzer Cloud option is grayed out in the Logging Settings on the Fabric Connectors page of FortiGate.

Scope

FortiGate v7.2 and above, FortiAnalyzer Cloud.

Solution

greyedout.png

 

Trying to enable this option from the CLI returns the following error:

 

config log fortianalyzer-cloud setting

(setting) # set status enable

Cannot enable both FortiGate Cloud and FortiAnalyzer Cloud at the same time.

node_check_object fail! for status enable

 

value parse error before 'enable'

Command fail. Return code -7

 

FortiGate does not allow FortiGate Cloud and FortiAnalyzer Cloud to be enabled at the same time, so the FortiGate must first be logged out of FortiGate Cloud. A confirmation with a warning message will appear as follows:

 

 logout.png

 

Once successfully logged out, FortiAnalyzer Cloud can be enabled through the CLI as follows:

 

config log fortianalyzer-cloud setting

(setting) # set status enable

(setting) # end

 

The Serial Number for FortiAnalyzer is not entered.

To verify identity of FortiAnalyzer serial number is needed.

If serial number is not set, connection will be set as unverified and

access to local config and files will be accessible only with user name/password.

FortiGate can establish a connection to obtain the serial number now.Do you want to try to connect now? (y/n)y

  

Unknown host: fortianalyzer.forticloud.com

Failed to get certificate information.

Do you want to try to connect now? (y/n)y

 

   Obtained serial number from X509 certificate of Fortianalyzer is: FAZVCXXX11111111

   Serial number from certificate MUST be the same as serial number observed in Fortianalyzer.

   If these two serial numbers don't match, connection will be dropped.

   Please make sure the serial numbers are matching.

   In case that Fortianalyzer is using a third-party certificate, certificate verification must be         disabled.

   Do you confirm that this is the correct serial number? (y/n)y

 

   This FortiGate unit does not have a valid FortiAnalyzer Cloud License.

   This feature will not work without a valid license.

   serial to be set: FAZVCXXX11111111

#

  

After this step, the FortiGate device must be authorised from FortiAnalyzer Cloud.

 

connected.png
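
An added example (not from the original article or from Fortinet): a Python helper that triages a captured CLI session using the messages shown above and compares the serial number read from the certificate with the one the operator expects, rather than confirming it unchecked. The function name, the finding labels and the out-of-band expected_serial are assumptions; the sample sessions are constructed from the output quoted in this article.

```python
import re

# Messages copied from the CLI output shown in this article.
CONFLICT = "Cannot enable both FortiGate Cloud and FortiAnalyzer Cloud at the same time."
NO_LICENSE = "does not have a valid FortiAnalyzer Cloud License"
DNS_FAIL = re.compile(r"Unknown host: (\S+)")
CERT_SERIAL = re.compile(r"Obtained serial number from X509 certificate of Fortianalyzer is: (\S+)")
SET_SERIAL = re.compile(r"serial to be set: (\S+)")

# Constructed sample sessions, assembled from the output quoted in this article.
SAMPLE_CONFLICT = """(setting) # set status enable
Cannot enable both FortiGate Cloud and FortiAnalyzer Cloud at the same time.
node_check_object fail! for status enable
Command fail. Return code -7
"""
SAMPLE_ENABLE = """(setting) # end
Unknown host: fortianalyzer.forticloud.com
Failed to get certificate information.
Obtained serial number from X509 certificate of Fortianalyzer is: FAZVCXXX11111111
This FortiGate unit does not have a valid FortiAnalyzer Cloud License.
serial to be set: FAZVCXXX11111111
"""


def triage(transcript, expected_serial):
    """Classify one captured session; expected_serial is recorded out of band (assumption)."""
    if CONFLICT in transcript:
        return [("cloud_conflict", "log out of FortiGate Cloud, then retry")]
    findings = [("dns_failure", host) for host in DNS_FAIL.findall(transcript)]
    if NO_LICENSE in transcript:
        findings.append(("license_warning", "feature will not work without a valid license"))
    cert = CERT_SERIAL.search(transcript)
    stored = SET_SERIAL.search(transcript)
    if cert is None:
        findings.append(("serial_not_obtained", "connection would be set as unverified"))
    elif cert.group(1) != expected_serial:
        findings.append(("serial_mismatch", cert.group(1)))
    elif stored and stored.group(1) != cert.group(1):
        findings.append(("stored_serial_differs", stored.group(1)))
    else:
        findings.append(("serial_verified", cert.group(1)))
    return findings


if __name__ == "__main__":
    for name, text in (("conflict", SAMPLE_CONFLICT), ("enable", SAMPLE_ENABLE)):
        print(name, triage(text, "FAZVCXXX11111111"))
```

A serial_mismatch or serial_not_obtained finding means the prompt should not be confirmed until the serial has been checked against the FortiAnalyzer Cloud instance.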