Troubleshooting Tip: FortiAnalyzer has a valid license for FortiAI but is facing an issue when using it

Pre-requisites and conditions for the FortiAI service to work:

1. Verify if FortiAnalyzer has a valid contract.

FAZ-150G # diagnose fmupdate dbcontract
FAZ15GT224XXXXXX [SERIAL_NO]
AccountID: XXXXXXXXXXX 
Industry:
Company: XXXXXXXXXXXX 
Contract: 6
AISN-1-06-20280725
ENHN-1-10-20251022
FMWR-1-06-20251022
FRVS-1-06-20251022
HDWR-1-04-20260724
SPRT-1-10-20251022
Contract Raw Data:
Contract=AISN-1-06-20280725:0:1:1:0*XXXXXXXXXXXXXX|AccountID=XXXXXXXXX|Company=XXXXXXX|UserID=XXXXX

2. FortiAnalyzer allows for 3 FortiAI users. The FortiAI features can only be enabled for local administrators. Ensure that the user attempting to access the AI chat has the 'FortiAI user' option enabled as below:

Troubleshooting:

1. Make sure fortiai.forticloud.com FQDN has been whitelisted in FortiGate (if FortiGate is in front of the FortiAnalyzer).
2. Verify that FortiAnalyzer can reach the AI server:
   
   

diagnose system aiserver get diagnose system aiserver test

FMG-VM64 # diagnose system aiserver get
Current server is https://fortiai.forticloud.com

FMG-VM64 # diagnose system aiserver test

* Host fortiai.forticloud.com:443 was resolved.
* IPv6: (none)
* IPv4: 154.52.20.214
* Trying 154.52.20.214:443...
* Connected to fortiai.forticloud.com (154.52.20.214) port 443

exe ping <aiserver IP> <----- The IP can be obtained from the output of the first command.

If FortiAnalyzer is unable to reach the AI server via 'diagnose system aiserver test':

• It is possible to change the DNS IP.
• If an internal DNS IP is in use, ensure that DNS can resolve the AISERVER.
  
  

Related document:

FortiAI license