Description
This article explains why FortiGate can only reach FortiAnalyzer through its management VDOM, and how to switch the management VDOM when the interface facing FortiAnalyzer lives in a different VDOM.
Solution
Diagram.
- On the FortiGate, the 'FAZ_VDOM' VDOM holds the interface that is directly connected to FortiAnalyzer.
- In this scenario, however, the management VDOM is still the 'root' VDOM.
- FortiAnalyzer logging is always sourced from the management VDOM. So when FortiAnalyzer is configured in the Security Fabric connector, the FortiGate tries to reach it through the root VDOM, which has no path to FortiAnalyzer, and the connection fails.
Image 1 showing that the root VDOM is the management VDOM.
Image 2 showing that FortiAnalyzer is configured on the FortiGate fabric connector for logging.
Image 3 showing that the connectivity failed.
- Changing the 'source-ip' of the FortiAnalyzer setting to an interface IP from 'FAZ_VDOM' does not help on its own: the management VDOM is still root, so the log traffic is still sent from root, and that VDOM does not own the chosen source address.
Here is an image for that:
- The right approach is to first switch the management VDOM from 'root' to 'FAZ_VDOM'. In the GUI, go to Global -> System -> VDOM, select 'FAZ_VDOM', select 'Switch Management', and select 'OK'. Note that the management VDOM carries all of the FortiGate's own management traffic (FortiGuard, DNS, NTP, SNMP, syslog, FortiAnalyzer), so make sure 'FAZ_VDOM' has routes for those destinations as well.
- After the switch, 'FAZ_VDOM' is shown as the management VDOM.
- The FortiGate can now reach FortiAnalyzer, and the 'source-ip' of the FortiAnalyzer setting can be set to the IP of the interface that is directly connected to FortiAnalyzer.
In this case the source IP is 10.115.2.10, set with the following command.
- The registration request from the FortiGate now appears on FortiAnalyzer; authorize it there.
- The final result of the connectivity test:
# exec log fortianalyzer test-connectivity
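The same scenario as a CLI walk-through, added here as an example and not taken from the original article: the failing configuration (management VDOM still root) next to the working one (management VDOM switched to 'FAZ_VDOM' before 'source-ip' is set), followed by the checks. The VDOM names and the source IP 10.115.2.10 come from the article; the FortiAnalyzer address 10.115.2.20 is an assumption, as is the VDOM being already created.

```fortios
# Added example, not the article's own configuration.
# Assumed: VDOMs 'root' and 'FAZ_VDOM' exist, FortiAnalyzer is at 10.115.2.20 (assumed),
# and the FortiGate interface facing it has IP 10.115.2.10 inside FAZ_VDOM.

# ----- Failing configuration: management VDOM is still root -----
# The FortiAnalyzer setting is global, but the traffic leaves from the management
# VDOM. 'source-ip' points into FAZ_VDOM while root sends the logs, so it fails.
config global
    config system global
        set management-vdom root
    end
    config log fortianalyzer setting
        set status enable
        set server 10.115.2.20
        set source-ip 10.115.2.10
    end
end

# ----- Working configuration: switch the management VDOM first -----
# CLI equivalent of Global -> System -> VDOM -> FAZ_VDOM -> Switch Management.
config global
    config system global
        set management-vdom FAZ_VDOM
    end
    config log fortianalyzer setting
        set status enable
        set server 10.115.2.20
        set source-ip 10.115.2.10
        set upload-option realtime
    end
end

# ----- Checks -----
config global
    # confirm which VDOM now carries management traffic
    get system global | grep management-vdom
    # end-to-end test from the FortiGate side
    execute log fortianalyzer test-connectivity
    # confirm on the wire which source address is really used
    # (FortiAnalyzer accepts FortiGate logs on TCP 514; 4 = verbose with interface, 10 = packet count)
    diagnose sniffer packet any 'host 10.115.2.20 and port 514' 4 10
end
```

Until the device is authorized in FortiAnalyzer (Device Manager, unauthorized devices), the connectivity test reports the FortiGate as not registered even though the TCP connection succeeds; the sniffer output is the quickest way to tell a routing problem (no SYN leaves, or it leaves from a root interface) from a pending authorization. Switching the management VDOM also moves FortiGuard, DNS and NTP traffic, so verify those still resolve and update afterwards.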