Description
This article describes the solution for removing or disabling FortiAnalyzer on FortiGate when the following error appears when attempting from:
CLI:
FortiAnalyzer is used by quarantine settings
node_check_object fail! for status disable
value parse error before 'disable'
Command fail. Return code -3204
Or this error when trying in GUI:
FortiAnalyzer/FortiManager is used in quarantine settings.
Scope
FortiGate (all versions).
Solution
The error shows only that FortiAnalyzer is used somewhere else in the configuration, and this hints at 'quarantine'.
To check, it is possible to look in CLI for 'FortiAnalyzer' and disable that setting first, before disabling FortiAnalyzer from log settings:
show | grep -f FortiAnalyzer
The common place to look is:
config antivirus quarantine
set destination FortiAnalyzer
end
(quarantine) # set destination ?
NULL Files that would be quarantined are deleted.
disk Quarantine files to the FortiGate hard disk.
FortiAnalyzer FortiAnalyzer.
Once this is changed to NULL or disk, there should be no problem to remove the FortiAnalyzer reference:
config log fortianalyzer setting
set status disable
end
