Microsoft Tech Community

Issues ingesting encrypted traffic from Fortinet to Sentinel


Hi guys, we've been setting up the Fortinet connector and would like to encrypt traffic using TLS 1.2 between the firewall and the collector (an Azure Linux VM). The certificates are generated on the collector and distributed to/configured on a Fortinet firewall.
The collector status is running fine with the rsyslog daemon. I have been doing testing but unfortunately, when the collector receives encrypted traffic (I can see it encrypted in tcpdump), it's not getting decrypted or forwarded to the Log Analytics workspace. Please note that when I send test logger/mock messages from the collector or send plain-text traffic from the Fortinet, I can see the logs getting ingested into LAW in CEF without any issues. Would be great if you could please help.
Thanks

0 Replies
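As an added example (not the poster's configuration and not Microsoft's collector script), the shell helpers below set up and check the piece the post does not mention: an rsyslog input that actually terminates TLS. Encrypted traffic that shows up in tcpdump is only decrypted if an imtcp input with the gtls netstream driver is listening on the port the firewall sends to; the plaintext 514 listener that the CEF collector setup creates does not do that, which matches the symptom of plain text working while TLS traffic is silently dropped. The certificate paths, the config file name, port 6514, the rsyslog-gnutls package being installed, and the agent's loopback port 25226 (the port the legacy Log Analytics CEF collector configuration forwards to) are assumptions; the CEF line in send_tls_test_message is constructed.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. Configures and checks an rsyslog
# TLS listener on a Sentinel CEF collector so that TLS syslog from a Fortinet
# firewall is decrypted by rsyslog and relayed in clear text over loopback to
# the agent. Assumptions (not stated in the post): rsyslog 8.x with the
# rsyslog-gnutls package installed; the certificate and config paths below are
# hypothetical; the agent listens on 127.0.0.1:25226 as the legacy Log Analytics
# CEF collector configuration expects (adjust the port if AMA is in use).

CA_FILE="/etc/rsyslog.d/tls/ca.pem"                 # hypothetical path
CERT_FILE="/etc/rsyslog.d/tls/collector-cert.pem"   # hypothetical path
KEY_FILE="/etc/rsyslog.d/tls/collector-key.pem"     # hypothetical path
CONF_FILE="/etc/rsyslog.d/10-fortinet-tls.conf"     # hypothetical path
PLAIN_PORT=514    # existing plaintext listener created by the collector setup
TLS_PORT=6514     # TLS listener the firewall should be pointed at
AGENT_PORT=25226  # loopback port of the CEF agent (assumed, see above)

# Emits the rsyslog configuration. The plaintext listener is kept on imptcp,
# which has no TLS support and is therefore unaffected by the gtls settings.
# The TLS listener uses imtcp with gtls: Mode="1" makes TLS mandatory and
# AuthMode="anon" accepts any client; switch to "x509/name" plus PermittedPeer
# once the firewall presents a certificate the collector should trust.
tls_listener_conf() {
  cat <<EOF
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="${CA_FILE}"
  DefaultNetstreamDriverCertFile="${CERT_FILE}"
  DefaultNetstreamDriverKeyFile="${KEY_FILE}"
)

module(load="imptcp")
input(type="imptcp" port="${PLAIN_PORT}")

module(load="imtcp"
       StreamDriver.Name="gtls"
       StreamDriver.Mode="1"
       StreamDriver.AuthMode="anon")
input(type="imtcp" port="${TLS_PORT}")

# Decrypted CEF goes to the agent in clear text over loopback only.
if (\$rawmsg contains "CEF:") then {
  action(type="omfwd" target="127.0.0.1" port="${AGENT_PORT}" protocol="tcp")
  stop
}
EOF
}

# Writes the config, parses it without starting a daemon (rsyslogd -N1), and
# restarts rsyslog only if the parse succeeded. Needs root.
install_conf() {
  tls_listener_conf > "${CONF_FILE}"
  rsyslogd -N1 && systemctl restart rsyslog
}

# Shows what is actually listening: if nothing owns ${TLS_PORT}, the firewall's
# TLS sessions are refused or reset and are never decrypted. The journal tail
# surfaces gtls errors such as a missing rsyslog-gnutls package or bad key file.
show_listeners() {
  ss -ltnp | grep -E ":(${PLAIN_PORT}|${TLS_PORT}|${AGENT_PORT}) " || true
  journalctl -u rsyslog --no-pager -n 20
}

# Sends one constructed CEF line through a real TLS handshake (from the
# collector itself or any host that trusts CA_FILE). A handshake or certificate
# failure is reported here, before anything could reach Log Analytics.
send_tls_test_message() {
  local host="${1:-127.0.0.1}"
  printf '<134>%s tlscheck CEF:0|Example|Collector|1.0|100|TLS path check|3|src=10.0.0.1\n' \
    "$(date '+%b %d %H:%M:%S')" |
    openssl s_client -connect "${host}:${TLS_PORT}" -CAfile "${CA_FILE}" \
      -verify_return_error
}

case "${1:-}" in
  print)   tls_listener_conf ;;
  install) install_conf ;;
  status)  show_listeners ;;
  test)    send_tls_test_message "${2:-127.0.0.1}" ;;
esac
```

Run it as `./fortinet-tls.sh print` to review the generated config, `install` to write and validate it, `status` to confirm that rsyslog owns 6514, and `test` to push one CEF line through the TLS path; the test line should then appear in the workspace the same way the plain-text messages already do. One rsyslog constraint to check first: a module can only be loaded once, so if the existing collector configuration already has `module(load="imtcp")` for port 514, move that input onto imptcp (as above) or add the gtls parameters to the existing imtcp module line instead of loading it a second time. On the firewall, the syslog destination must use reliable (TCP) mode with TLS enabled and point at the TLS port, not at 514.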