Trial licence limitations for sending logs from Fortigate to FortiAnalyzer? | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB
Fuse
- Fuse Fortinet User Community

Mark Thread UnreadFlat Reading Mode ❐

Hot!Trial licence limitations for sending logs from Fortigate to FortiAnalyzer?

Author Post Essentials Only Full Version
yuno New Member Total Posts : 6 Scores: 0 Reward points: 0 Status: offline 2020/04/29 08:26:57 (permalink) FortiAnalyzer 0 Trial licence limitations for sending logs from Fortigate to FortiAnalyzer? Hi all TL;DR Does anyone know if the Fortigate trial licence limitations on encryption/decryption (which for example prevent the use of HTTPS) also prevent the SSL connections from Fortigate to FortiAnalyzer for the purposes of sending logs (via oftpd)? I was trying to test sending logs from a Fortigate VM (firmware 6.4) to FortiAnalyzer VM (firmware 6.4) but I just get "No connection" and if you hover the cursor over that you get "Error occurred:{0}". The goal is to test forwarding logs from the FortiAnalyzer to a third device but I can't get this far as the Fortigate won't send the logs to the FortiAnalyzer. A reddit post (www.reddit.com/r/...er_trial_ssl_error_3/) suggested this is probably a trial licence limitation but it would be good to confirm it here if possible. If anyone has found something similar please let me know. Thanks Testing steps: I've made sure to check the compatibility matrix and the FGT and FAZ are compatible. The Fortigate device is added as a device in the FortiAnalyzer. I can test connectivity between the two using ping successfully. I found various posts online with suggestions to make it work by allowing weaker encryption but none worked in this case e.g. (forum.fortinet.com/tm.aspx?m=140479) FGT: conf log fortianalyzer setting set enc-algorithm low set reliable enable FAZ: conf global setting set enc-algorithm low FGT: exec log fortianalyzer test-connectivity Failed to get FAZ's status. Connection failed. Connection refused(-1) Failed to get FAZ's status. SSL error. (-3). FAZ - enabling debug logging for the oftpd app on the Fortianalyzer showed the following error: (as in kb.fortinet.com/k...do?externalID=FD41272) [oftpd_handle_session] oftp_recv_packet failed: SSL setup failure. Client connection closed. Reason 14(SSL setup failure) Also I read the following, but it seems that these conditions were met during testing: >6.2 FAZ will only process encrypted logs from Fortinet devices. FAZ encryption level MUST be equal to or less than the FGT’s encryption level. Trial licences are in use on both the Fortigate and the FortiAnalyzer. post edited by yuno - 2020/04/29 08:42:15 #1 FortiAnalyzer 6 Replies Related Threads
localhost Gold Member Total Posts : 136 Scores: 25 Reward points: 0 Joined: 2015/05/21 02:47:51 Location: Zug, Switzerland Status: offline Re: Trial licence limitations for sending logs from Fortigate to FortiAnalyzer? 2020/04/29 09:00:14 (permalink) 0 I don't know about FortiAnalyzer. But Fortigates will only support very limited encryption support for Web management, IPSEC Tunnels, SSLVPN and SSL inspection,etc. So this will be probably the same for your FortiAnalyzer connections. Can you give this a try? On your Fortigate: config log fortianalyzer setting set reliable disable #2
yuno New Member Total Posts : 6 Scores: 0 Reward points: 0 Status: offline Re: Trial licence limitations for sending logs from Fortigate to FortiAnalyzer? 2020/04/29 09:32:41 (permalink) 0 Hi, thanks for the reply. I used that setting on the Fortigate but unfortunately there was no change to the connection status. #3
localhost Gold Member Total Posts : 136 Scores: 25 Reward points: 0 Joined: 2015/05/21 02:47:51 Location: Zug, Switzerland Status: offline Re: Trial licence limitations for sending logs from Fortigate to FortiAnalyzer? 2020/05/02 08:58:24 (permalink) 0 Hi This works for me with FortiAnalyzer-VM64 v6.2.3 and FortiGate-VM64 v6.2.3 running unregistered trial versions: FAZ config: config system global set enc-algorithm low set log-forward-cache-size 4 set oftp-ssl-protocol sslv3 set usg enable end Fortigate config: config log fortianalyzer setting set status enable set server "10.1.2.100" set certificate-verification disable set serial "FAZ-VM0000000001" set ssl-min-proto-version SSLv3 set upload-option realtime end Succesfull FortiAnalyzer connectivity is not visible in GUI. But it's transfering logs and the CLI command shows a succesfull connection: FortiGate-VM64 # execute log fortianalyzer test-connectivity FortiAnalyzer Host Name: FAZVM64 FortiAnalyzer Adom Name: root FortiGate Device ID: FGVMEVFV6YKXEGEB Registration: registered Connection: allow Adom Disk Space (Used/Allocated): 704512B/53687091200B Analytics Usage (Used/Allocated): 671744B/37580963840B Analytics Usage (Data Policy Days Actual/Configured): 0/60 Days Archive Usage (Used/Allocated): 32768B/16106127360B Archive Usage (Data Policy Days Actual/Configured): 365/365 Days Log: Tx & Rx (5 logs received since 10:46:07 05/02/20) IPS Packet Log: Tx & Rx Content Archive: Tx & Rx Quarantine: Tx & Rx Certificate of Fortianalyzer valid and serial number is:FAZ-VM0000000001 After entering the CLI commands, just got to Security Fabric -> Settings and re-apply the settings. Then you should be able to change the log location to FortiAnalyzer in the 'Log & Report' view as well. #4
yuno New Member Total Posts : 6 Scores: 0 Reward points: 0 Status: offline Re: Trial licence limitations for sending logs from Fortigate to FortiAnalyzer? 2020/05/04 04:41:09 (permalink) 0 Hi, thank you I applied the settings on my 6.4 firmware FGT/FAZ devices as you detailed above but unfortunately they did not allow the two devices to communicate. The GUI still showed 'No Connectivity' and on CLI the output from 'exec log fortianalyzer test-connectivity' was still: Failed to get FAZ's status. Connection failed. Connection refused(-1) Failed to get FAZ's status. SSL error. (-3). Following your post though I have downloaded a Fortigate and Fortianalyzer VM for firmware version 6.2.3, deployed these VMs, applied the Fortigate config log fortianalyzer settings and FortiAnalyzer system global settings as in your post, and I have been able to successfully send the logs from the Fortigate to the FortiAnalyzer. Thanks again #5
georgemilev New Member Total Posts : 3 Scores: 0 Reward points: 0 Joined: 2021/01/17 04:17:19 Status: offline Re: Trial licence limitations for sending logs from Fortigate to FortiAnalyzer? 2021/04/08 12:11:27 (permalink) 0 Hello, I am facing the same issue, but there is no assistance here... #6
Yurisk Gold Member Total Posts : 217 Scores: 33 Reward points: 0 Joined: 2011/12/04 03:30:01 Status: offline Re: Trial licence limitations for sending logs from Fortigate to FortiAnalyzer? 2021/04/11 11:57:55 (permalink) 0 Tried it on 6.4.4 - worked, tried 6.4.5 - didn't , go figure, in the end asked for evaluation license and all worked. post edited by Yurisk - 2021/04/18 04:26:43 Yuri https://yurisk.info/ #7

Jump to:

© 2021 APG vNext Commercial Version 5.5