FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Hawada1 (Staff)
Article Id 260739
Description This article describes how to configure and troubleshoot the Security Fabric integration between FortiNAC and FortiGate.
Scope FortiNAC 9.x and FortiGate 7.x.
Solution
1. Fabric configuration on the FortiGate side:

On the FortiGate, go to Security Fabric -> Fabric Connectors, edit 'Security Fabric Setup', and authorize FortiNAC under 'Device authorization' (see the screenshots below).

[Screenshot: fabric1.jpg]

[Screenshot: fabric3.jpg]

2. Fabric configuration on FortiNAC:
Go to Network -> Service Connectors, select 'Create New -> Syslog/Messaging', and create the Security Fabric Connection pointing at the FortiGate (see the screenshot below).

[Screenshot: fabric2.png]

After selecting 'OK', FortiNAC should show as 'Connected' on the FortiGate, provided FortiNAC has been authorized under 'Device authorization' on the FortiGate as shown in the screenshot above.

Troubleshooting:

 

1. Enable the debug on the FortiNAC CLI:

nacdebug -name SecurityFabricManager true

2. On the FortiGate, remove FortiNAC from the fabric: go to Security Fabric -> Fabric Connectors, edit 'Security Fabric Setup', and remove FortiNAC under 'Device authorization'.

3. On FortiNAC, delete the Security Fabric Connection under Network -> Service Connectors.

4. On the FortiGate, re-add FortiNAC: go to Security Fabric -> Fabric Connectors, edit 'Security Fabric Setup', and authorize FortiNAC again under 'Device authorization'.

5. On FortiNAC, create a new Security Fabric Connection under Network -> Service Connectors.

6. Wait about 5 minutes, then collect the log snapshot with the command below and attach it to the ticket:

grab-log-snapshot

Check the following link to see how to copy the generated logs to the desktop and then upload them to the ticket:
Technical Tip: How to get a debug log report from FortiNAC.

7. Disable the debug:

nacdebug -name SecurityFabricManager false


Troubleshooting on the FortiNAC side:
Tail the master log on the FortiNAC CLI and filter for the FortiGate IP and the two relevant loggers:

tf /bsc/logs/output.master | egrep "<fgt-ip>|SecurityFabricManager|fortinet.csf"

Output like the following is expected.

Waiting for authorization (FortiNAC has reached the FortiGate on TCP port 8013 but has not yet been authorized under 'Device authorization'):


yams.fortinet.csf INFO :: 2023-06-15 08:25:29:682 :: #35636132 :: /10.10.40.1:8013 Waiting for Authorization
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:682 :: #35636132 :: statusUpdate() ip = 10.10.40.1 message = Waiting for Authorization
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:682 :: #758 :: statusUpdate() executorService.run() ip = 10.10.40.1 message = Waiting for Authorization

yams.fortinet.csf FINE :: 2023-06-15 08:25:29:682 :: #35636132 :: ##upstream_ssl_connect()
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:683 :: #758 :: statusUpdate() executorService.run() found 10.10.40.1
yams.fortinet.csf FINE :: 2023-06-15 08:25:29:685 :: #35636132 :: aliases = [xxxxxxxeaf9e284e92e0e3f905, xxxxxxxda116261cddc7a8b67a9,]  <== this should be the license certificate
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:686 :: #631 :: reloadTelemetryDevices()
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:687 :: #631 :: reloadTelemetryDevices() devices = [TelemetryDevice
Version:[0]

Device IP:[10.10.40.1]
Device Port:[8013]
Device Status:[Waiting for Authorization]


Successful connection: FortiNAC presents its certificate, the SSL handshake completes, the FortiGate replies ACCEPT, and the device status moves to 'Connected':

yams.fortinet.csf FINE :: 2023-06-15 08:25:29:687 :: #35636132 :: Trying SSL certificate: Printing certificate: xxxxxxxda116261cddc7a8b67a9
Valid From Mon Jan 18 10:00:10 CET 2021
Valid To Tue Jan 19 04:14:07 CET 2039
Subject EMAILADDRESS=support@fortinet.com, CN=FNVMCATM00001, OU=FortiNAC, O=Fortinet, L=Sunnyvale, ST=California, C=US
Issuer EMAILADDRESS=support@fortinet.com, CN=support, OU=Certificate Authority, O=Fortinet, L=Sunnyvale, ST=California, C=US
sha1 xxxxxxxda116261cddc7a8b67a9
yams.fortinet.csf INFO :: 2023-06-15 08:25:29:693 :: #35636132 :: SSL handshake was successful! ip = 10.10.40.1
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:693 :: #35636132 :: statusUpdate() ip = 10.10.40.1 message = SSL handshake was successful
yams.fortinet.csf FINE :: 2023-06-15 08:25:29:693 :: #35636132 :: userEventTriggered() SslHandshakeCompletionEvent(SUCCESS)
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:693 :: #758 :: statusUpdate() executorService.run() ip = 10.10.40.1 message = SSL handshake was successful
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:694 :: #758 :: statusUpdate() executorService.run() found 10.10.40.1
yams.fortinet.csf FINE :: 2023-06-15 08:25:29:694 :: #35636132 :: ##process_auth_reply() ACCEPT
yams.fortinet.csf INFO :: 2023-06-15 08:25:29:694 :: #35636132 :: Connected. ip = 10.10.40.1
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:694 :: #35636132 :: statusUpdate() ip = 10.10.40.1 message = Connected
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:698 :: #758 :: statusUpdate() executorService.run() ip = 10.10.40.1 message = Connected  <== Connection established

yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:698 :: #463 :: reloadTelemetryDevices()
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:698 :: #463 :: reloadTelemetryDevices() devices = [TelemetryDevice
Version:[0]

Device IP:[10.10.40.1]
Device Port:[8013]
Device Status:[SSL handshake was successful]
]
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:698 :: #758 :: statusUpdate() executorService.run() found 10.10.40.1
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:702 :: #463 :: reloadTelemetryDevices()
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:703 :: #463 :: reloadTelemetryDevices() devices = [TelemetryDevice
Version:[0]

Device IP:[10.10.40.1]
Device Port:[8013]
Device Status:[Connected]

 

If the status drops to 'Offline' a few seconds after reaching 'Connected', as in the excerpt below, something is wrong that needs to be investigated by TAC. Provide TAC with the 'grab-log-snapshot' file from step 6 above.


yams.SecurityFabricManager FINER :: 2023-06-15 08:25:42:947 :: #35636132 :: treeUpdate() root ip = 10.10.40.1 node mgmtip = 10.10.40.1 type = fortigate serial = FGT100XXXXXXXX
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:42:947 :: #35636132 :: treeUpdate() root ip = 10.10.40.1 <root> type = fortigate serial = FGT100XXXXXXXX version = 7.2.5.1517
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:42:947 :: #35636132 :: treeUpdate() root ip = 10.10.40.1 node mgmtip = null type = null serial = FNVMCATM00001
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:44:569 :: #392 :: execute() ip = 10.10.40.1
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:48:215 :: #35635922 :: statusUpdate() ip = 10.10.40.1 message = Offline
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:48:215 :: #758 :: statusUpdate() executorService.run() ip = 10.10.40.1 message = Offline

yams.SecurityFabricManager FINER :: 2023-06-15 08:25:48:216 :: #758 :: statusUpdate() executorService.run() found 10.10.40.1
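The following Python script is an added example and is not part of the article or of FortiNAC; it shows how the output.master excerpts above can be triaged programmatically rather than by eye. It parses the 'yams.SecurityFabricManager' and 'yams.fortinet.csf' lines, rebuilds the per-FortiGate status timeline (Waiting for Authorization -> SSL handshake was successful -> Connected -> Offline), summarises the certificate FortiNAC presented, and flags the 'Connected' followed shortly by 'Offline' pattern that the article says warrants a TAC case. The embedded log is a constructed sample abbreviated from the excerpt above (serials and fingerprints masked as in the article); the 30-second flap window and the dropping of the certificate's time-zone token are the author's assumptions, not FortiNAC behaviour.

```python
"""Triage helper for FortiNAC Security Fabric debug output (output.master).

Added example, not FortiNAC code. Parses yams.* log lines, builds the status
timeline per FortiGate IP, summarises the presented certificate and flags a
quick 'Connected' -> 'Offline' flap.
"""
import re
from datetime import datetime

# Constructed sample: abbreviated from the log excerpt in this article, with
# serials and certificate fingerprints masked as they are in the article.
SAMPLE_LOG = """\
yams.fortinet.csf INFO :: 2023-06-15 08:25:29:682 :: #35636132 :: /10.10.40.1:8013 Waiting for Authorization
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:682 :: #35636132 :: statusUpdate() ip = 10.10.40.1 message = Waiting for Authorization
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:682 :: #758 :: statusUpdate() executorService.run() ip = 10.10.40.1 message = Waiting for Authorization
yams.fortinet.csf FINE :: 2023-06-15 08:25:29:687 :: #35636132 :: Trying SSL certificate: Printing certificate: xxxxxxxda116261cddc7a8b67a9
Valid From Mon Jan 18 10:00:10 CET 2021
Valid To Tue Jan 19 04:14:07 CET 2039
Subject EMAILADDRESS=support@fortinet.com, CN=FNVMCATM00001, OU=FortiNAC, O=Fortinet, L=Sunnyvale, ST=California, C=US
Issuer EMAILADDRESS=support@fortinet.com, CN=support, OU=Certificate Authority, O=Fortinet, L=Sunnyvale, ST=California, C=US
yams.fortinet.csf INFO :: 2023-06-15 08:25:29:693 :: #35636132 :: SSL handshake was successful! ip = 10.10.40.1
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:693 :: #35636132 :: statusUpdate() ip = 10.10.40.1 message = SSL handshake was successful
yams.fortinet.csf FINE :: 2023-06-15 08:25:29:694 :: #35636132 :: ##process_auth_reply() ACCEPT
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:29:694 :: #35636132 :: statusUpdate() ip = 10.10.40.1 message = Connected
yams.SecurityFabricManager FINER :: 2023-06-15 08:25:48:215 :: #35635922 :: statusUpdate() ip = 10.10.40.1 message = Offline
"""

LINE_RE = re.compile(
    r"^(?P<logger>yams\.\S+) (?P<level>\w+) :: "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3}) :: "
    r"#(?P<thread>\d+) :: (?P<msg>.*)$"
)
# Only the direct statusUpdate() line is matched; the executorService.run()
# echo of the same event is skipped so each transition is counted once.
STATUS_RE = re.compile(r"^statusUpdate\(\) ip = (?P<ip>\S+) message = (?P<status>.+)$")
CN_RE = re.compile(r"\bCN=([^,]+)")


def parse_line(line):
    """Return a dict for a yams log line, or None for continuation lines such
    as the certificate dump, which carry no logger/timestamp prefix."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S:%f")
    return rec


def status_timeline(log_text):
    """List of (timestamp, ip, status) tuples in log order."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["logger"] != "yams.SecurityFabricManager":
            continue
        m = STATUS_RE.match(rec["msg"])
        if m:
            out.append((rec["ts"], m["ip"], m["status"].strip()))
    return out


def detect_flaps(timeline, window_seconds=30.0):
    """Flag every 'Connected' followed by 'Offline' for the same ip within
    window_seconds (assumed threshold); the article treats this as TAC material."""
    last_connected, findings = {}, []
    for ts, ip, status in timeline:
        if status == "Connected":
            last_connected[ip] = ts
        elif status == "Offline" and ip in last_connected:
            gap = (ts - last_connected.pop(ip)).total_seconds()
            if gap <= window_seconds:
                findings.append({"ip": ip, "seconds": gap, "offline_at": ts})
    return findings


def _parse_cert_date(text):
    # e.g. 'Tue Jan 19 04:14:07 CET 2039'; the zone token is dropped, so the
    # result is naive (assumption: day-level precision is enough for triage).
    tok = text.split()
    del tok[4]
    return datetime.strptime(" ".join(tok), "%a %b %d %H:%M:%S %Y")


def certificate_summary(log_text, now=None):
    """Subject/issuer CN and validity of the certificate FortiNAC presented."""
    info = {}
    for line in log_text.splitlines():
        if line.startswith("Subject "):
            info["subject_cn"] = CN_RE.search(line).group(1)
        elif line.startswith("Issuer "):
            info["issuer_cn"] = CN_RE.search(line).group(1)
        elif line.startswith("Valid To "):
            info["valid_to"] = _parse_cert_date(line[len("Valid To "):])
    if "valid_to" in info:
        info["expired"] = info["valid_to"] < (now or datetime.now())
    return info


if __name__ == "__main__":
    tl = status_timeline(SAMPLE_LOG)
    for ts, ip, status in tl:
        print(ts.strftime("%H:%M:%S.%f")[:-3], ip, status)
    print(certificate_summary(SAMPLE_LOG))
    for f in detect_flaps(tl):
        print(f"FLAP: {f['ip']} went Offline {f['seconds']:.3f}s after Connected; open a TAC case")
```

Run it against a real capture with `python3 triage.py < output.master` after swapping SAMPLE_LOG for `sys.stdin.read()`; the executorService.run() duplicates are filtered out deliberately, otherwise every transition would appear twice in the timeline.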