Analyzer and ipsec vpn

Author
Fullmoon
Platinum Member
2019/08/24 00:53:06 (permalink)

I have a working VPN infra already. I'm experiencing an odd scenario and am unsure how to address it. All sites (40) are able to reach my HQ and vice versa. Computers from different sites are able to access HQ local resources. I am aware that from the HQ FG, in order for me to ping remote sites, I have to use ping-options and define the HQ LAN interface. Now I'm introducing a centralized log repository in my HQ using FAZ. I selected a few FGs from my different sites and defined the FAZ private IP in each FG's log settings.
 
The weird part here was that FAZ can't recognize the remote sites' IP addresses, given the fact that the IP address, SM and routing were properly defined on my FAZ side. The FAZ local IP and HQ FG are on the same subnet/VLAN. Remote sites are able to ping the FAZ local IP.
The workaround was to DNAT my FAZ using my spare public address, and that IP address was assigned in each FG's log settings.
 
Any help or advice is much appreciated.

Fortigate Newbie
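For readers comparing their own setup with the one described above: this is an added example of what the remote-site FortiGate log configuration looks like when it points at the FAZ private address, not config from the poster. The 10.0.0.50 (FAZ) and 192.168.40.1 (remote site LAN) addresses are placeholders, and the source-ip line is included because, like the ping-options workaround the poster already uses, it decides which address self-originated traffic leaves with and therefore whether it matches the tunnel's phase 2 selectors; whether that is the cause here is an assumption.

```fortios
# Remote-site FortiGate: send logs to the FAZ at HQ over the existing IPsec tunnel.
config log fortianalyzer setting
    set status enable
    # FAZ private IP at HQ (placeholder value)
    set server 10.0.0.50
    # Source this FG's log traffic from its LAN address (placeholder value) so it
    # falls inside the tunnel's phase 2 selectors instead of leaving from the WAN IP.
    set source-ip 192.168.40.1
    # OFTP over TCP with delivery confirmation rather than best-effort
    set reliable enable
end

# Checks from the same remote-site FG. First, the reachability test the poster
# describes, with the source pinned the same way as the log traffic:
execute ping-options source 192.168.40.1
execute ping 10.0.0.50

# Then confirm the log sessions (FAZ OFTP uses TCP 514) actually leave with the
# intended source address and not the WAN address:
diagnose sniffer packet any "host 10.0.0.50 and port 514" 4
```

If the sniffer shows the log sessions leaving with an address outside the tunnel's selectors, that is the same symptom the poster worked around with DNAT, and the FAZ would see whatever address the traffic was NATed to rather than the site's own.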

    tanr
    Platinum Member
    Re: Analyzer and ipsec vpn 2019/08/24 09:23:47 (permalink)
    What are the versions for FortiGates and FortiAnalyzer? Have you enabled the Security Fabric and associated the FAZ, and if so, is your root FortiGate logging okay? There are some hoops to jump through if you've got the fabric enabled, as I ran into in https://forum.fortinet.com/tm.aspx?m=165039.