Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yeowkm99
Contributor

Connect remote FGT to Analyzer

I am trying to connect the FG50F in my remote office to the FAZ300G in my data centre.

Currently the remote office is connected via IPsec site-to-site VPN.

What are the ports I need to open up in order for the FG50F to send logs to the FG300G?

srajeswaran
Staff

Port 514 TCP and UDP.

 

https://community.fortinet.com/t5/FortiAnalyzer/Troubleshooting-Tip-FortiGate-to-FortiAnalyzer-conne...

OFTP uses TCP/514 for connectivity, health check, file transfer and log display from FortiGate.

Log communication happens over either TCP OR UDP 514:

- TCP/514 is used for log transmission with the reliable option enabled.
- UDP/514 is used for log transmission with the reliable option disabled.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

yeowkm99

I am getting this error when I connect to the FAZ: [image: error.jpg]

srajeswaran

Are you able to ping the FortiAnalyzer IP? If ping works, please try telnet on port 514. We need to make sure the connectivity is fine.

 

The article below explains the step-by-step procedure to check the connectivity.

 

https://community.fortinet.com/t5/FortiAnalyzer/Troubleshooting-Tip-FortiGate-to-FortiAnalyzer-conne...

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

yeowkm99

 

# get log fortianalyzer setting
status : disable
certificate :

FGT50E # execute log fortianalyzer test-connectivity
No FAZ is enabled.

srajeswaran

# config log fortianalyzer setting

(setting) # set status enable ===> Here

(setting) # set server x.x.x.x

(setting) # end

 

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

knagaraju
Staff

Hello Yeowkm99

May I know if you are able to ping the FortiAnalyzer IP from the FortiGate?
If you are able to ping, then please check whether the communication port is open on the FortiAnalyzer. Try doing a telnet from the FortiGate to the FortiAnalyzer.

Regards
Nagaraju.

knagaraju
Staff

Hello Yeowkm99

Please check the routing-table entry for the FortiAnalyzer IP address.
Also please check that the traffic is going via the correct outgoing interface.
If the FortiGate is in HA, then make sure that HA direct is enabled.

Regards
Nagaraju.

yeowkm99

My remote office housing the FG50F is now completely set up.

My servers there can reach back to the data centre and vice versa.

But the strange thing is my FG50F at the remote office still cannot reach my FAZ in the DC.

Ping from DC servers to the remote FG50F is working, but I cannot ping directly from my FG401E at the DC to the FG50F.

Servers at the remote office can ping the FAZ in the DC; only the FG50F cannot. Traceroute also fails.

 

FGT50F # execute traceroute 172.16.0.71
traceroute to 172.16.0.71 (172.16.0.71), 32 hops max, 3 probe packets per hop, 84 byte packets
1 * * *
2 * * *
3 * * *

 

Traceroute from remote office server:

>tracert 172.16.0.71

Tracing route to 172.16.0.71 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 172.32.0.1
2 4 ms 4 ms 4 ms 192.168.1.99
3 4 ms 4 ms 4 ms 172.16.0.71

sjoshi
Staff

Dear yeowkm99,

 

Whenever you ping directly from the FGT, it is recommended to set the source IP and source interface.

 

For example:

execute ping-options source x.x.x.x >> one of the LAN IPs that is allowed in the IPsec

execute ping-options interface <int_name> >> one of the LAN interfaces

exec ping x.x.x.x >> dst IP

 

Thanks

Salon Raj Joshi
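Pulling the thread's advice together (the TCP/UDP 514 ports from the first reply, the "config log fortianalyzer setting" snippet, and the source-IP point in the last reply), here is one added FortiOS CLI example. It is not configuration from any of the posts above. The FAZ address 172.16.0.71 and the remote LAN 172.32.0.0/24 are taken from the traceroutes in the thread; the interface names "to-remote" and "lan", the FG50F LAN address 172.32.0.1, the object names, and the choice of reliable (TCP) logging are assumptions for illustration. `set source-ip` and `set reliable` are standard options under `config log fortianalyzer setting`, but confirm them against your firmware version.

```fortios
# --- Data-centre FortiGate (FG401E) ---
# Self-originated log traffic arriving through the tunnel still needs a
# firewall policy from the tunnel interface to the interface where the FAZ sits.
# One custom service covers both transports OFTP may use:
# TCP/514 (reliable logging) and UDP/514 (non-reliable).
config firewall service custom
    edit "FAZ-OFTP-514"
        set tcp-portrange 514
        set udp-portrange 514
    next
end
config firewall address
    edit "FAZ-300G"
        set subnet 172.16.0.71 255.255.255.255
    next
    edit "remote-lan"
        set subnet 172.32.0.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "remote-FGT-to-FAZ"
        # assumed names: IPsec tunnel interface and FAZ-side interface
        set srcintf "to-remote"
        set dstintf "lan"
        set srcaddr "remote-lan"
        set dstaddr "FAZ-300G"
        set action accept
        set schedule "always"
        set service "FAZ-OFTP-514"
        set logtraffic all
    next
end

# --- Remote FortiGate (FG50F) ---
# Source the logging session from a LAN address inside the phase-2 selectors.
# Without source-ip the FortiGate uses the egress (WAN) address, which the
# selectors do not cover, so the packets never enter the tunnel and the
# FortiGate itself cannot reach the FAZ even though its LAN hosts can.
config log fortianalyzer setting
    set status enable
    set server 172.16.0.71
    set source-ip 172.32.0.1
    set reliable enable
end

# --- Verify from the FG50F using the same source the logger will use ---
execute ping-options source 172.32.0.1
execute ping-options interface lan
execute ping 172.16.0.71
execute log fortianalyzer test-connectivity
get router info routing-table details 172.16.0.71
diagnose sniffer packet any 'host 172.16.0.71 and port 514' 4
```

If the sniffer shows SYNs on port 514 leaving on the tunnel interface but no replies, the problem is on the DC side (policy or route back to 172.32.0.0/24); if nothing leaves at all, the route or the source address is wrong. Once the connection is up, the FG50F must still be authorized in FortiAnalyzer's Device Manager before it will accept logs.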