Created on 07-06-2023 05:54 AM Edited on 07-07-2023 01:10 AM By Jean-Philippe_P
This article describes the solution for removing or disabling FortiAnalyzer on FortiGate when the following error appears when attempting from:
CLI:
FortiAnalyzer is used by quarantine settings
node_check_object fail! for status disable
value parse error before 'disable'
Command fail. Return code -3204
Or this error when trying in GUI:
FortiAnalyzer/FortiManager is used in quarantine settings.
FortiGate (all versions).
The error shows only that FortiAnalyzer is used somewhere else in the configuration, and this hints at 'quarantine'.
To check, it is possible to look in CLI for 'FortiAnalyzer' and disable that setting first, before disabling FortiAnalyzer from log settings:
show | grep -f FortiAnalyzer
The common place to look is:
config antivirus quarantine
set destination FortiAnalyzer
end
(quarantine) # set destination ?
NULL Files that would be quarantined are deleted.
disk Quarantine files to the FortiGate hard disk.
FortiAnalyzer FortiAnalyzer.
Once this is changed to NULL or disk, there should be no problem to remove the FortiAnalyzer reference:
config log fortianalyzer setting
set status disable
end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.