Home

How to Troubleshoot Connectivity Issues Between FortiGate and FortiAnalyzer

This article outlines the steps to diagnose and resolve connectivity problems between FortiGate and FortiAnalyzer.

Troubleshooting connectivity issues between FortiGate and FortiAnalyzer involves several systematic steps. Below is a comprehensive guide to help you identify and resolve these issues effectively.

Step 1: Verify Firmware Compatibility

Ensure that the firmware versions of both FortiGate and FortiAnalyzer are compatible. As a general rule, the firmware on the FortiAnalyzer should be equal to or higher than that on the FortiGate. Check the compatibility documentation for specific version details.

Step 2: Check FortiAnalyzer Configuration on FortiGate

Use the following command to verify the configuration settings for logging to FortiAnalyzer:

get log fortianalyzer setting

Ensure that:

  • status is set to enable
  • server points to the correct IP address of the FortiAnalyzer (e.g., 10.34.199.143)
  • upload-option is configured correctly (e.g., 5-minute for every 5 minutes)
  • reliable is set according to your needs (set it to enable for TCP, which is more reliable)

Also, check if any filters are applied that might restrict log transmission:

get log fortianalyzer filter

Verify that severity levels and traffic types are appropriately configured.

Step 3: Test Connectivity from CLI and GUI

CLI Testing

Run the following command from the FortiGate CLI:

exec log fortianalyzer test-connectivity

Look for messages indicating successful registration and connection status. If you see an error like “Authentication Failed,” ensure that your device is registered in the FortiAnalyzer.

GUI Testing

In the GUI, navigate to Log Settings and check for any prompts indicating authorization issues or connectivity problems.

Step 4: Basic Network Connectivity Tests

Perform basic network tests using ping, traceroute, and telnet commands from both devices:

exec ping 10.34.199.143 exec traceroute 10.34.199.143 exec telnet 10.34.199.143 514

Check if ICMP packets are allowed through firewalls between devices, as successful pings indicate basic connectivity.

Step 5: Check Firewall Rules

Ensure that TCP/UDP port 514 is open on any intermediate firewalls or routers between the two devices. This port is crucial for OFTPD protocol communication.

Step 6: MTU Size Verification

If connectivity seems fine but logs are not being sent, check for MTU size issues by executing:

exe ping-options df-bit yes exe ping-options data-size 1500 exec ping x.x.x.x # Replace with FAZ-IP.

Adjust data sizes downwards until you find a size with no packet loss, then adjust MTU settings accordingly.

Step 7: Advanced Debugging Commands

Utilize advanced debugging commands on both devices:

On FortiGate:

diag sniffer packet any 'host x.x.x.x and port 514' 6 0 l # Replace x.x.x.x with FAZ-IP. diag debug reset diag debug app fgtlog 255 # For detailed logging. diag debug enable

On FortiAnalyzer:

diag sniffer packet any 'host y.y.y.y and port 514' 3 0 l # Replace y.y.y.y with FG-IP.

Analyze SYN/ACK numbers in communication logs to identify where failures occur.

Step 8: Collect Logs for Further Analysis

If issues persist after all checks, gather logs from both devices using these commands:

On FortiGate:

get sys status get sys performance status # Run multiple times. exec log fortianalyzer test-connectivity

On FortiAnalyzer:

get sys status exec top # Monitor system performance.

Attach these logs when contacting technical support if necessary.

By following these steps systematically, you can effectively troubleshoot connectivity issues between your FortiGate and FortiAnalyzer devices.

Authoritative Sources Used:

  • Fortinet Documentation
  • Fortinet Technical Support Articles
  • Fortinet Knowledge Base