I have several FGTs sending logs to our central FAZ (VM), all running 5.2.x firmware.
The other day our FAZ VM was down for like several hours, and then we found out that the logs (traffic, event, ...) from all FGTs are missing. I thought the logs during the FAZ downtime were supposed to be kept at the FGT and then sent to the FAZ later once it comes back, but apparently that was not the case.
My question is, is it supposed to behave like that? You know, one cannot guarantee that the FAZ will be online all the time and never be down.
And in this case, what am I supposed to do to get all the missing logs from all the FGTs (about 20 of them) and import (or send) them to the FAZ? I need an effective way to do it.