FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
akaratas
Staff
Article Id 288317
Description

 

This article describes how to connect FortiGate to FortiAnalyzer Cloud and troubleshoot connectivity issues.

 

Scope

 

FortiAnalyzer Cloud.

 

Prerequisites:

FortiGate needs the licenses below.

 

FortiAnalyzer Cloud subscription:

FortiGate hardware

FC-10-[FortiGate Model Code]-585-02-DD

FortiGate-VM

FC-10-[FortiGate VM Model Code]-585-02-DD

 

For more information, visit the link below:

Licensing

 

Solution

 

  1. Connect FortiGate to FortiAnalyzer Cloud.
  • Go to Log & Report --> Log Settings --> enable Cloud Logging Settings.
  • Select FortiAnalyzer Cloud and apply the changes.

  • Go to FortiAnalyzer Cloud and authorize the device:
  • Go to Device Manager and check Unauthorized Devices.
  • Select the device and authorize it.

  • Then run Test Connectivity and confirm that the status shows Connected.

On FortiGate: (screenshot 4.PNG)

On FortiAnalyzer: (screenshot 5.PNG)


  2. Troubleshooting connectivity.

    After saving the settings, run the command below on the FortiGate CLI:

    exec log fortianalyzer-cloud test-connectivity

     

    When an error like the one below is returned, check internet connectivity and FortiAnalyzer Cloud connectivity.

    execute telnet fortianalyzer.forticloud.com 514

    execute ping fortianalyzer.forticloud.com

     

    Unknown host: fortianalyzer.forticloud.com

    Failed to get FortiAnalyzer Cloud's status. Hostname resolution failed. (-21)

    If there is no internet communication issue, check the sniffer outputs below.

     

    To check whether FortiGate has the correct contract and is added to the correct account, run the command below.

     

    diagnose test update info

     

    To see the domain region, log quota, and daily volume, and to confirm that connectivity is correct and the correct region is in use, run the command below.

     

    diagnose test application forticldd 3

     

    On the FortiGate CLI:

     

    diag sniffer packet any 'host fortianalyzer.forticloud.com and port 514' 6 0 l


    On the FortiAnalyzer CLI:

     

    diag sniffer packet any 'port 514' 3 0 l 
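
The DNS-then-port-514 split used in the troubleshooting steps above, as an added example (not part of the original article and not a Fortinet tool). It is meant to run from an admin workstation, so it tests that host's resolver and network path rather than the FortiGate's; the `resolve` and `connect` parameters are assumptions of this example so the logic can be tested offline.

```python
import socket

FAZ_CLOUD_HOST = "fortianalyzer.forticloud.com"  # hostname from the article
FAZ_CLOUD_PORT = 514                              # port from the article


def check_faz_cloud(host=FAZ_CLOUD_HOST, port=FAZ_CLOUD_PORT, timeout=5.0,
                    resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return which stage failed ('dns', 'tcp' or None) plus details.

    resolve/connect are injectable (an assumption of this example) so the
    staging logic can be exercised with stubs instead of the network.
    """
    result = {"host": host, "port": port, "addresses": [],
              "failed_stage": None, "detail": ""}
    # Stage 1: name resolution. A failure here matches the article's
    # "Unknown host" / "Hostname resolution failed. (-21)" messages.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        result.update(failed_stage="dns", detail=str(exc))
        return result
    result["addresses"] = sorted({info[4][0] for info in infos})
    if not result["addresses"]:
        result.update(failed_stage="dns", detail="resolver returned no addresses")
        return result
    # Stage 2: TCP handshake to port 514 on each resolved address, the same
    # reachability that 'execute telnet <host> 514' checks from the FortiGate.
    errors = []
    for addr in result["addresses"]:
        try:
            sock = connect((addr, port), timeout)
        except OSError as exc:  # timeout, refused, unreachable
            errors.append(f"{addr}: {exc}")
            continue
        sock.close()
        result["detail"] = f"connected to {addr}:{port}"
        return result
    result.update(failed_stage="tcp", detail="; ".join(errors))
    return result


if __name__ == "__main__":
    print(check_faz_cloud())
```

A `failed_stage` of `None` only shows that port 514 accepts a TCP connection from the host running the script; it does not confirm that the FortiGate is authorized or licensed.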

 

If a support ticket needs to be opened, collect the outputs of the commands below and share them in the ticket together with the outputs above.

On FortiAnalyzer:

diag debug app oftpd 8 <FGT-IP>  <- Alternatively, a device name can be used. IP is preferable.
diag debug timestamp enable
diag debug enable  

 

On FortiGate:

diag test app miglogd 6

diag test app fgtlogd 4 (since 7.4.0, replaces diag test app miglogd 6)
diag log kernel-stats

 

Both FortiAnalyzer and FortiGate:

execute tac report

 

Related articles:

Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity

Technical Note: How to create a log file of a session using PuTTY

Technical Tip: Ticket Creation via the Support Portal

Technical Note: FortiAnalyzer is not accepting logs, event log reports unable to accept logs from de...

Technical Note: Traffic Types and TCP/UDP Ports used by Fortinet Products

Troubleshooting Tips: No logs received on FortiAnalyzer

Technical Tip: How to setup a custom certificate regarding OFTP protocol