Saturday, January 6, 2024

How to troubleshoot FortiOS Security Fabric issues.

=== Before troubleshooting (to save your time) ===

- Please make sure that you are not using VDOMs (VDOMs cannot be enabled when Security Fabric is used).

- Security Fabric does not support transparent mode.

- You have to have FAZ or FortiManager with the Analyzer feature enabled.

- Security Fabric cannot be enabled on the loopback, IV interfaces.

- Make sure that you have enabled the "FortiTelemetry" service (fabric service, each major FortiOS version might have a different naming) on corresponding interfaces (fabric upstream and downstream interfaces). 

- Make sure there is a connection between FortiGates (you can enable ping on the interface and try to ping).

- Ensure you have specified valid IP addresses for the Security Fabric connection.
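
The configuration items in this checklist can be checked against a saved config backup before starting a debug session. The script below is an added example, not part of the original post; the function names, the sample config and the CLI key names it matches (`vdom-mode`, `vdom-admin`, `opmode`, `type loopback`, `allowaccess ... fabric`) are assumptions and differ between FortiOS versions.

```python
import re

# Constructed sample backup; key names are assumptions and vary by FortiOS version.
SAMPLE = '''\
config system global
    set vdom-mode multi-vdom
end
config system settings
    set opmode transparent
end
config system interface
    edit "port1"
        set allowaccess ping https ssh
    next
    edit "lo0"
        set type loopback
        set allowaccess ping fabric
    next
end
'''

def section(cfg, name):
    """Body of a top-level 'config <name>' ... 'end' block, or ''."""
    m = re.search(rf"^config {re.escape(name)}\n(.*?)^end$", cfg, re.M | re.S)
    return m.group(1) if m else ""

def preflight(cfg, fabric_ifaces):
    """Return the checklist violations found in a config backup."""
    out = []
    if re.search(r"set vdom-(mode (multi|split)-vdom|admin enable)", cfg):
        out.append("VDOMs enabled")
    if "set opmode transparent" in section(cfg, "system settings"):
        out.append("transparent mode")
    # Map each 'edit "<name>" ... next' interface entry to its settings.
    ifaces = dict(re.findall(r'edit "([^"]+)"\n(.*?)^\s*next$',
                             section(cfg, "system interface"), re.M | re.S))
    for name in fabric_ifaces:
        body = ifaces.get(name)
        if body is None:
            out.append(f"{name}: interface not found")
            continue
        access = re.search(r"set allowaccess (.*)", body)
        if "set type loopback" in body:
            out.append(f"{name}: loopback")
        if not access or "fabric" not in access.group(1).split():
            out.append(f"{name}: fabric service not in allowaccess")
    return out

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE, ["port1", "lo0"])))
```

Pass the names of the fabric upstream and downstream interfaces as `fabric_ifaces`; an empty result means none of the checked items was found in the backup.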


=== Troubleshooting ===

If so, please provide: 

(Please create a log file of the session using PuTTY.)


Run the following commands on the SSH clients:

==== SSH1 (on core FG) ==== 

# show system global 

# show system csf 

# diag sys csf downstream 

# diag sys csf authorization 

# diagnose sys csf neighbor list 

# diagnose test application csfd 1 

# diagnose sniffer packet any 'host x.x.x.x and port 8013' 6 0 a >>>> x.x.x.x = IP address of the new FG where you have enabled "FortiTelemetry"


--Real time debug-- 

diagnose debug reset 

diagnose debug application csfd -1 >>> use 0 instead of -1 to disable

diagnose debug enable 


==== SSH2 (on non-core FG) ===== 

# show system global 

# show system csf 

# diag sys csf upstream 

# diagnose test application csfd 1 

# diagnose sniffer packet any 'host x.x.x.x and port 8013' 6 0 a >>>> x.x.x.x = IP address of the core FG where you have enabled "FortiTelemetry"


--Real time debug-- 

diagnose debug reset 

diagnose debug application csfd -1 >>> use 0 instead of -1 to disable

diagnose debug enable 
