- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Fortianalyzer add device works but the ip address ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortianalyzer add device works but the ip address is empty and no logs
For a client, in his local FortiAnalyzerVM (v7.4.1), I added the local Fortigate200F (v7.2.4), and it work great.
So I tryed to add, with the same "Device Manager-Add Device" a FortigateVM (v7.2.4) in AWS with the serial number, but even if the wizard say "complete", at the end, nothing works.
The network is like this:
Local 192.x.network - Fortigate200F - internet - IPSec Tunnel - internet - AWS - (WAN 10.0.5.50) EC2 FortigateVM (LAN 10.0.1.50) - remote AWS EC2 servers 10.x.network.
All pings works in all direction, except if I go on the FortigateVM in the CLI, and ping the FortiAnalyzer.
But that ping works if I add a ping-options source like this:
FortigateVM# exec ping-options source 10.0.1.50 (internal LAN ip-address of the FortigateVM)
Obliviously, if I test the FortigateVM settings of Fortianalyzer, it's not there:
FortigateVM# get log fortianalyzer setting
status : disable
So this comes with two questions:
Q1 - By default, does the exec ping uses the WAN1 ip address all the time?
Q2 - In a 2012 post here, https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-send-FortiGate-logs-to-the-For... they suggest to use the "config log fortianalyzer override-setting" to force a source-ip address...
***************
Edit1:
Forcing it...
System - Feature Visibility : Local Out Routing (Enable)
Security Fabric - Fabric Connectors - Logging & Analytics - Edit settings , and enable/configure FortiAnalyzer, it wont connect, can't get the serial number.
Network - Local Out Routing - Edit Log FortiAnalyzer Setting to specify an interface you could ping the FortiAnalyzer from and forcing a source-ip...
Validating with "get log fortianalyzer setting" shows it's using the correct port and the source-ip is correct...
STILL not working!
HELP.
Labels:
- Labels:
-
FortiAnalyzer
-
FortiGate
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Take a sniffer by executing the following command: 'di sniffer packet any 'host x.x.x.x and port 541', where x.x.x.x is the IP of the FortiAnalyzer. We want to verify they are talking back and forth properly with your current settings.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the answer and guidance. I'll So, at first I tryed the basic with the sniffer...
FortiAnalyzerVM 192.168.1.50 : sniff anything from FortigateVM, ping, and confirm it work.
FortigateVM 10.0.1.50 : exec ping-options source 10.0.1.50, sniff anything from FortiAnalyzerVM, ping, and it works. (With the ping-options source parameter, more on that later).
Keep sniffing everything (not just port 541) from one another, and from the FortiAnalyzerVM, "add device" by adding the FortigateVM with the serial number : Answer "Device is added successfully."
There are no traffic at all between the two.
Just for fun, locally, I nmap (scan) the FortiAnalyzerVM ports, and 541 and 514 where closed. But the local Fortigate200F is working even without that.
Officially, it's only port 514 https://docs.fortinet.com/document/fortianalyzer/7.4.0/fortianalyzer-ports/290737/incoming-ports
So, I have changed the port configuration on the FortiAnalyzerVM to allow "Web Service" and "FortiManager".
Now, local network nmap FortiAnalyzerVM 192.168.1.50 , ports 541 and 514 are now open.
Same for remote network nmap from the network 10.0.1.x, ports 541 and 514 are now open.
No changes.
Maybe it's a bug , I have a feeling that the FortigateVM does not follow it's own config to force the connection from the source-ip parameter. Because it's it's using only the current routing tables, it wont work, just like the ping without the "ping-options source" option.
get log fortianalyzer setting
FortigateVM # get log fortianalyzer setting
status : enable
ips-archive : enable
server : 192.168.1.50
...
source-ip : 10.0.1.50
interface-select-method: specify
interface : port2
Any more ideas?
Related Posts
- Issues with activating proxy mode in... 83 Views
- IPSEC Down After Changing the IP... 84 Views
- Setting Up NAT64 to handle 64:ff9b::... 71 Views
- Displaying the MAC address of a... 187 Views
- FortiNAC - Profiling Static IP Devices 173 Views
Labels
-
FortiGate
6,538 -
FortiClient
1,304 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
Customer Service
70 -
FortiToken
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
Firewall policy
24 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
FortiConverter
21 -
VLAN
20 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
SSL SSH inspection
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
Schedule
1 -
4.0MR1
1 -
SDN connector
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
FortiPAM
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
FortiManager-VM
1 -
Zone
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.