FortiGate
acvaldez
Staff
Article Id 193591

Description
This article explains why a FortiGate always communicates with FortiAnalyzer from its management VDOM, and how to fix the connectivity failure that results when the FortiAnalyzer is reachable only through a non-management VDOM.

Solution
Diagram.

- The 'FAZ_VDOM' on the FortiGate has the direct connection to the FortiAnalyzer.
- In this scenario, however, the management VDOM is the 'root' VDOM.
- Because FortiAnalyzer logging and registration traffic is always sourced from the management VDOM, a FortiAnalyzer fabric connector configured on this FortiGate will try to reach the FortiAnalyzer from the root VDOM, which has no route to it, and the connection fails.

Image 1 showing that the root VDOM is the management VDOM.
Image 2 showing that FortiAnalyzer is configured on the FortiGate fabric connector for logging.
Image 3 showing that the connectivity failed.
- Changing the 'source-ip' of the FortiAnalyzer setting to an interface IP belonging to 'FAZ_VDOM' does not work either: the connection is still initiated from the management VDOM (root), and the 'source-ip' must be an address that the management VDOM owns, so the FortiGate still cannot reach the FortiAnalyzer.

Image showing that connectivity still fails after changing only the source IP:
- The right approach is to change the management VDOM from 'root' to 'FAZ_VDOM' first. Go to GLOBAL -> SYSTEM -> VDOM, select 'FAZ_VDOM', select 'SWITCH MANAGEMENT' and select 'OK'. Note that the management VDOM also carries the FortiGate's other management traffic (FortiGuard updates, DNS, NTP, SNMP, alert email), so confirm that 'FAZ_VDOM' has routes for those services before switching.
- After that, 'FAZ_VDOM' is shown as the management VDOM.
- The FortiGate can now reach the FortiAnalyzer without any issue. The 'source-ip' of the FortiAnalyzer setting can also be set to the IP of the 'FAZ_VDOM' interface that is directly connected to the FortiAnalyzer, which in this case is 10.115.2.10, as shown in the following command.
- The FortiGate's registration request now appears on the FortiAnalyzer as an unauthorized device; authorize it there.
- Final result, run from the global context:
# exec log fortianalyzer test-connectivity
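The same procedure from the FortiOS CLI, as an added example that is not part of the original article (the article performs it in the GUI and shows the results in screenshots). The VDOM names and the interface IP 10.115.2.10 follow the article; the FortiAnalyzer address 192.0.2.50 is a placeholder, since the article does not show it.

```fortios
# Global context: confirm which VDOM is currently the management VDOM
# (the article's starting point is 'root').
config global
show system global | grep management-vdom
end

# Switch the management VDOM from root to FAZ_VDOM. This is the CLI
# equivalent of GLOBAL -> SYSTEM -> VDOM -> SWITCH MANAGEMENT in the GUI.
config global
    config system global
        set management-vdom FAZ_VDOM
    end
end

# FortiAnalyzer logging is configured in the global context and is always
# sourced from the management VDOM. With FAZ_VDOM now the management VDOM,
# source-ip can be the FAZ_VDOM interface that faces the FortiAnalyzer.
# 192.0.2.50 is a placeholder for the FortiAnalyzer IP (assumption);
# 10.115.2.10 is the FortiGate interface IP from the article.
config global
    config log fortianalyzer setting
        set status enable
        set server 192.0.2.50
        set source-ip 10.115.2.10
    end
end

# Verify from the global context. The device must be authorized on the
# FortiAnalyzer before the test reports a working registration.
config global
execute log fortianalyzer test-connectivity
end
```

Setting 'source-ip' before switching the management VDOM reproduces the failure described above: the address is not owned by the management VDOM, so the FortiGate cannot use it. Run 'set management-vdom' first, then the logging settings, then the connectivity test.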