Fortinet: Forticloud logging issue with different providers. They should provide an alternative upload or pull mechanism.
Forticloud is a cool concept and is something I like to make use of, except that Fortinet seems to have issue with a few scenarios where you think you should not run into any issue.Internet access seems to be unblocked.Forticloud can actually manage your device and you'll see cpu and memory usage.No logs appear in the cloud.I have spent considerable amount of time troubleshooting this issue and have not found the root cause, the IPS says they do not filter, our 1st level cisco router does NAT and ZONE based firewalling with an any allow rule outbound.Have not been able to completely understand the process, there are a few commands that I learned while with support but how these different servers interact and which protocols must work is still unclear. BTW: ICMP and TCP connections work.There is a blog article from Boll Engineering:https://blog.boll.ch/?p=2364That talks about that a new default setting of a providers business internet filters out tcp/514 as it is thought of rsh.Fortinet should include an alternative way for this situation, as it seems to be more common.Either a pull, or push (maybe over the management connection), maybe hiding behind tcp/443.
Products Solutions Support Partners Threat Research Contact Us