diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml
index 60ada5b7f085..dccde298b8cd 100644
--- a/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml
@@ -27,6 +27,9 @@ processors:
 - set:
     field: event.dataset
     value: fortinet.firewall
+- remove:
+    field: event.timezone
+    ignore_missing: true
 - set:
     field: event.timezone
     value: "{{fortinet.firewall.tz}}"
@@ -178,4 +181,4 @@ processors:
 on_failure:
 - set:
     field: error.message
-    value: '{{ _ingest.on_failure_message }}'
\ No newline at end of file
+    value: '{{ _ingest.on_failure_message }}'
diff --git a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json
index 73ad332c40d5..bf1b5de3fd0b 100644
--- a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json
+++ b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json
@@ -96,7 +96,6 @@
         "event.module": "fortinet",
         "event.outcome": "success",
         "event.start": "2020-06-24T01:16:08.000Z",
-        "event.timezone": "-02:00",
         "event.type": [
             "connection",
             "end"