AI Threat Analytics troubleshooting and debugging

You can use the following tools to diagnose and troubleshoot Threat Analytics issues in FortiADC.

Dashboard

On the FortiADC main dashboard, statuses relating to Threat Analytics are displayed in several widgets.

License

From the License widget, you can check the status of your Threat Analytics service license. You must have a Threat Analytics service license in order to use this integrated service for FortiADC logs. You will not be able to connect to the FortiWeb Cloud server without a valid license.

Security Fabric

From the Security Fabric widget, you can check the status of the Threat Analytics connector.

Threat Analytics

The Threat Analytics dashboard widget displays the connection status to the FortiWeb Cloud server and the status of the FortiADC attack log forwarding.

Threat Analytics connector

When you enable the Threat Analytics connector, the Fortinet AI Threat Analytics service license status will display.

The status icons indicate whether the Threat Analytics connector has successfully connected to the FortiWeb Cloud server. If the connection is down, FortiADC first inspects the Fortinet AI Threat Analytics license status to determine whether the connection issue is caused by an invalid license. If a valid Fortinet AI Threat Analytics license exists, further troubleshooting may be required to determine the root cause of the Threat Analytics connector issue.

| Threat Analytics connector status | Guidelines |
| --- | --- |
| Connected | The FortiADC is successfully connected to the FortiWeb Cloud server. |
| Valid License | A valid license for Fortinet AI Threat Analytics service is present. The Threat Analytics connector is unable to connect to the FortiWeb Cloud server due to issues other than the license status. Further troubleshooting is recommended, such as checking your network settings. |
| 14-day Trial Started | The 14-day evaluation license for Fortinet AI Threat Analytics service has been activated and has not yet expired. The Threat Analytics connector is unable to connect to the FortiWeb Cloud server due to issues other than the license status. Further troubleshooting is recommended, such as checking your network settings. |
| 14-day Trial Expired | The 14-day evaluation license for Fortinet AI Threat Analytics service has expired. The Threat Analytics connector is unable to connect to the FortiWeb Cloud server due to an invalid license. Please contact the Fortinet Sales team to purchase the Fortinet AI Threat Analytics service license to continue using AI Threat Analytics. |
| 14-day Trial Not Started | The 14-day evaluation license for Fortinet AI Threat Analytics service did not activate because FortiWeb Cloud was unable to identify the connecting FortiADC through the Fortinet Support Contract Email ID. FortiWeb Cloud requires the Email ID registered to the Fortinet Support Contract to identify and connect your FortiADC to the AI Threat Analytics service. If you attempt to enable the Threat Analytics connector before logging in to your Fortinet Support Contract from FortiADC, the Threat Analytics connector will fail to connect. Please make sure that you log in to your Fortinet Support Contract from the System > FortiGuard page. |
| No license | There is no basic FortiADC license. If the FortiADC is on a trial license, you also cannot activate the 14-day Evaluation License. Please contact the Fortinet Sales team to purchase a FortiADC license. |

CLI commands to view debug logs relating to AI Threat Analytics

Command

Guidelines

diagnose debug module wassd

To view the debug information of the wassd daemon.

The wassd daemon forms the connection between FortiADC and FortiWeb Cloud and performs several integral functions when AI Threat Analytics is enabled. These include the following:

  • Establishing a web socket connection with FortiWeb Cloud using a token. Before registering to FortiWeb Cloud, wassd checks whether a CA exists. If a CA does exist, wassd sends the issue date of the CA certificate to FortiWeb Cloud.

  • Updating FortiWeb Cloud with FortiADC configuration changes, such as HA status changes, member updates, or mode modification.

  • Updating device certificates received from FortiWeb Cloud. If wassd registered to FortiWeb Cloud without the issue date of the CA, or if the certificate has expired, FortiWeb Cloud sends new certificates (including the certificate, key, and CA) to wassd. wassd then updates the local certificate and CA table, and registers to FortiWeb Cloud again with the latest CA issue date.

  • Starting the forwarding of FortiADC attack logs to FortiWeb Cloud. If wassd has successfully registered to FortiWeb Cloud, it starts the forwarding using the log server and port received from FortiWeb Cloud.

Note:

The wassd daemon is created for AI Threat Analytics and executes the wassd_ws Python script when AI Threat Analytics is enabled. The backend log for the Python script is stored in /var/log/wassd.log.
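
The registration sequence described in the list above, modelled with both sides of the exchange. This is an added example, not Fortinet code: the message fields, the token value, the certificate lifetime, and the log server and port are assumptions made for illustration. The trace lists the stages in order, which helps when working out where a failing connector stopped.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

VALIDITY = timedelta(days=365)  # assumed certificate lifetime, not from the handbook


@dataclass
class Cloud:
    """Toy stand-in for the FortiWeb Cloud side (hypothetical message fields)."""
    today: date
    log_server: str = "logs.example.invalid"  # placeholder host
    log_port: int = 6514                      # placeholder port

    def register(self, token: str, ca_issue_date: Optional[date]) -> dict:
        if token != "valid-token":            # constructed token value
            return {"type": "rejected"}
        # New certificates are sent when the device registered without a CA
        # issue date, or when the certificate has expired.
        if ca_issue_date is None or ca_issue_date + VALIDITY < self.today:
            return {"type": "new_certs", "cert": "CERT", "key": "KEY",
                    "ca": "CA", "ca_issue_date": self.today}
        return {"type": "registered", "log_server": self.log_server,
                "log_port": self.log_port}


@dataclass
class Device:
    """Toy stand-in for the wassd side; trace records each stage reached."""
    token: str
    ca_issue_date: Optional[date] = None
    trace: list = field(default_factory=list)

    def connect(self, cloud: Cloud, max_rounds: int = 2) -> Optional[tuple]:
        for _ in range(max_rounds):
            self.trace.append(f"register ca_issue_date={self.ca_issue_date}")
            reply = cloud.register(self.token, self.ca_issue_date)
            if reply["type"] == "new_certs":
                # Update the local certificate and CA table, then register again.
                self.ca_issue_date = reply["ca_issue_date"]
                self.trace.append("install cert/key/CA")
                continue
            if reply["type"] == "registered":
                # Forwarding starts with the server and port the cloud returned.
                self.trace.append("start log forwarding")
                return reply["log_server"], reply["log_port"]
            self.trace.append("registration rejected")
            return None
        self.trace.append("gave up: still not registered")
        return None
```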

diagnose debug module miglogd syslog

To view the debug information for the miglogd syslog.

AI Threat Analytics requires FortiADC to send the attack logs to FortiWeb Cloud via syslog (system logging protocol) over TCP with SSL. If communication issues arise between FortiADC and FortiWeb Cloud, you can use the diagnose debug module miglogd syslog command to print key information about these communications and find the cause.

diagnose system threat-analytics info

To view the system information for AI Threat Analytics.
