Description
This article describes how to troubleshoot connectivity between a FortiAnalyzer and a FortiADC, which use the OFTP daemon process for connectivity, health checks, file transfer, log display, etc.
Scope
FortiAnalyzer and FortiADC
Solution
After configuring the FortiAnalyzer from FortiADC, the FortiAnalyzer will receive a notification to authorize the FortiADC device. This article describes how to troubleshoot issues where a FortiAnalyzer did not receive the authorization notification and the status from FortiADC shows 'disconnected'.
Check the connectivity between both devices:
diag sniffer packet any "host <FAZ_IP> and port 514" 4
exe telnet <FAZ_IP> 514
exe telnet 10.47.3.20 514 10.47.3.20
exe traceroute <FAZ_IP>
exe traceroute 10.47.3.20
exe ping <FAZ_IP>
FortiAnalyzer
diag sniffer packet any "host <FAZ_IP> and port 514" 4
exe ping <FortiADC_IP>
exe ping 10.47.17.245
--- 10.47.17.245 ping statistics ---
execute traceroute <FortiADC_IP>
execute traceroute 10.47.17.245
If connectivity functions as expected, run a debug to further check the issue.
On FortiADC:
diag debug module miglogd oft_detail set
index 0,fd 13 event 1
.........................
..........................
oftp_ssl_connect: vdom root,ssl done fd=66...
................................
Here, the debug results show FortiADC is able to reach the FortiAnalyzer, but there is no return response from the FortiAnalyzer device.
From FortiAnalyzer:
diag debug app oftpd 8 x.x.x.x
(Where x.x.x.x is the FGT IP that connects to FAZ. Alternatively, a device name can be used. IP is preferable.)
diag debug app oftpd 8 10.47.17.245
diag debug enable
[T3424:oftps.c:1831 :10.47.17.245] SSL clienthello incoming on sockfd[25]
[T3424:oftps.c:1240 :10.47.17.245] dft-idx=0 inited=1.
[T3424:oftps.c:1666 :10.47.17.245] SSL socket[25] pid[1580] ssl[0x561984d6db10] SSL_new() success.
[T3426:oftps.c:1557 :10.47.17.245] ssl verify peer cert
[T3426:oftps.c:1579 :10.47.17.245] Peer cert info, organizationName(o=Fortinet).
[T3426:oftps.c:1582 :10.47.17.245] Peer cert info, CommonName(CN=FortiADCVM).
[T3426:oftps.c:1843 :10.47.17.245] SSL_accept one client SUCCESS [ protocol : (772) TLS 1.3 ]
[T3426:oftps.c:1875 :10.47.17.245] SSL socket[25] pid[1580] ssl[0x561984d6db10] SSL_accepted
[T3422:oftps.c:1933 :10.47.17.245] SSL socket[25] pid[1580] ssl[0x561984d6db10] received [237] bytes:
[T3422:main.c:4174 :10.47.17.245] handle LOGIN_REQUEST_LEGACY
[T3426:login.c:3214 :10.47.17.245] host = 'Wira-kvm34'
[T3426:login.c:3243 :10.47.17.245] Version: FortiADC-KVM v7.2.4,build0249,240112 (GA)
[T3426:login.c:3219 :10.47.17.245] vdom = 1
[T3426:oftps.c:1999 FADV010000XXXXXX:10.47.17.245] SSL socket[25] pid[1580] ssl[0x561984d6db10] sent [34] bytes:
[T3428:login.c:422 FADV010000XXXXXX:10.47.17.245] add unregistered device id:FADV010000XXXXXX, device:Wira-kvm34, ha_mode:0, ha_group_name:.
[T3428:login.c:2083 FADV010000XXXXXX:10.47.17.245] Warn Couldn't register DVM device due to can not register this device, error code -1002
[T3422:main.c:894 FADV010000XXXXXX:10.47.17.245] Client connection closed. Reason 0(OK)
[T3422:oftps.c:2018 FADV010000XXXXXX8:10.47.17.245] SSL pid[1580] ssl[0x561984d6db10] shuting down sockfd[25] ip[10.47.17.245] connected[1]
[T3422:oftps.c:2037 FADV010000XXXXXX:10.47.17.245] SSL_shutdown SUCCESS
[T3422:oftps.c:2045 FADV010000XXXXXX:10.47.17.245] SSL socket[25] pid[1580] ssl[0x561984d6db10] destroy_SSL_context
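Here, the TLS handshake and login request succeed, but the FortiAnalyzer could not register the FortiADC device (the 'Couldn't register DVM device' warning, error code -1002) and closed the connection. As a result, it will be necessary to manually add the FortiADC device serial number in FortiAnalyzer.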
After the device has been added, the FWB will be seen in FortiAnalyzer.
Here, the status from FortiADC changed from 'disconnected' to 'connected'.
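When the oftpd debug output is long, the stage that failed can be pulled out of a saved capture with a short script. The following is an added example, not Fortinet code: it assumes the line layout shown in the FortiAnalyzer debug output above, and the function names and diagnosis wording are hypothetical.

```python
import re
# Header of an oftpd debug line: [T<thread>:<file>:<line> <serial>:<peer ip>] <message>
LINE = re.compile(r"^\[T\d+:[\w.]+:\d+\s+(\w*):([\d.]+)\]\s*(.*)$")
CHECKS = {  # summary field -> pattern searched in the message part
    "tls": re.compile(r"SSL_accept one client SUCCESS \[ protocol : \(\d+\) (.+?) \]"),
    "peer_cn": re.compile(r"CommonName\(CN=([^)]+)\)"),
    "unregistered_id": re.compile(r"add unregistered device id:(\w+)"),
    "register_error": re.compile(r"Couldn't register DVM device .*error code (-?\d+)"),
    "close_reason": re.compile(r"Client connection closed\. Reason (\S+)"),
}

def summarize(debug_text):
    """Return {peer_ip: {field: value}} for every peer seen in the debug text."""
    peers = {}
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # CLI echo, blank lines, wrapped output
        serial, ip, msg = m.groups()
        info = peers.setdefault(ip, {})
        if serial:  # the serial only appears once the login request is parsed
            info["serial"] = serial
        for field, rx in CHECKS.items():
            hit = rx.search(msg)
            if hit:
                info[field] = hit.group(1)
    return peers

def diagnose(info):
    """Map one peer's summary to the troubleshooting stage that failed."""
    if "tls" not in info:
        return "no completed TLS handshake: re-check connectivity to port 514"
    if "register_error" in info:
        return ("handshake OK, registration failed (error code %s): add serial %s manually"
                % (info["register_error"], info.get("unregistered_id", info.get("serial", "?"))))
    return "handshake OK, no registration error logged"

# Sample lines copied from the debug output above (serial masked as on the page).
SAMPLE = """\
[T3426:oftps.c:1582 :10.47.17.245] Peer cert info, CommonName(CN=FortiADCVM).
[T3426:oftps.c:1843 :10.47.17.245] SSL_accept one client SUCCESS [ protocol : (772) TLS 1.3 ]
[T3428:login.c:422 FADV010000XXXXXX:10.47.17.245] add unregistered device id:FADV010000XXXXXX, device:Wira-kvm34, ha_mode:0, ha_group_name:.
[T3428:login.c:2083 FADV010000XXXXXX:10.47.17.245] Warn Couldn't register DVM device due to can not register this device, error code -1002
[T3422:main.c:894 FADV010000XXXXXX:10.47.17.245] Client connection closed. Reason 0(OK)
"""
if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, "->", diagnose(info))
```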
Copyright 2024 Fortinet, Inc. All Rights Reserved.