Saturday, July 19, 2014

A howto diagnostic forticloud issues 5.2GA

Fortinet cloud logging is somethings a challenge to debug. But under 5.2GA,  we can use the diag command to test for  the forticloud connections.


1st issues the diag command with application forticloud  to see our options



2nd we will use the level 1 to see our username and device details. I've circled key items that we must take note of.



3rd use the level 3 integer to see your log status for bytes and quotas


Next we will use the diag debug en and miglogd option to validate logs are being sent



lastly, to ensure traffic is being sent to forticloud, we dump on the address or tcp/port that's output from the above.




Key points to remember

  • forticloud is a SMB logging solution
  • requires firewall policies to have logging enabled ( set logtraffic all
  • uses reliable syslog ( tcp )
  • encrypts all log data from  fortigate to forticloud
  • your fortigate must have a interface with public access
  • has quota limits for logging data
  • logging is sent at the completion of the session
  • ensure you can traceroute  if you are experiencing  connectivity issues ( ping is disable )
  • most problems are caused by 1> incorrect user/password  2> upstream devices blocking access
note1: keep in mind the alternative log server ip_address as seen from the output of the diag test application forticl 3 command

note2: you can change the  source address if you have multiple uplink interfaces;

config system fortiguard
  set sourc-ip  x.x.x.x
end
 

 Ken Felix
Freelance Network/Security Engineer
kfelix  -----a----t---- socpuppets ---dot---com

   ^    ^
=( # # )=
     @
     /  \


Posted by at

2 comments:

  1. UnknownSeptember 4, 2014 at 2:30 AM

    Hello Ken

    How to change active server Ip
    Because I'm 0.0.0.0

    Thanks

    ReplyDelete
  2. socpuppetsSeptember 5, 2014 at 4:32 AM

    What do you mean change the active server? I don't think you can do that.

    ReplyDelete

Subscribe to: Post Comments (Atom)