Fortinet Security Fabric settings do not go downstream?

michaeldijk · ‎03-14-2024

I'm trying to enable logging for allowed traffic.
In the downstream devices this option is greyed out.
So i figured i had put it throught in the fabric root.
After i enabled log allowed traffic in the fabric root, and applied it.
It seems to only work for the fabric root itself and not the downstream devices.
Whenever i log in to the downstream devices the option still shows as disabled and greyed out

What can i do to fix this?

hbac · ‎03-14-2024

Hi @michaeldijk,

It should be synchronized from root to downstream. You can check this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enable-Security-Event-logging-on-policy-wi...

Regards,

michaeldijk · ‎03-18-2024

So even if it doesn't show on downstream fortigates, The function is still enabled?

smkml · ‎03-18-2024

Hi @michaeldijk ,

If you are using Security Fabric, downstream device will follow configuration on FortiAnalyzer and FortiManager in root device, and not be able to configure by itself

michaeldijk · ‎03-18-2024

Understood.
The question is why the option does not show as checked in downstream devices, but does show as checked in the root device.

smkml · ‎03-18-2024

Hi @michaeldijk ,

Can you share some screenshot what you have mentioned?

michaeldijk · ‎03-20-2024

im looking forward to your reply

michaeldijk · ‎03-18-2024

Basically i have an 80F fortigate as Root of the fabric.
With the following log settings.
Then i have a 40F fortigate which is downstream from that specific 80f Fortigate.
But those log settings show as disabled and are grayed out
How come?
80F root Fabric connections80F root log settings40F downstream connections40F downstream log settings

michaeldijk · ‎03-18-2024

@smkml