Skip to main content
esalija
Staff
esalija
Staff
June 10, 2024

Technical Tip: FortiGuard European (EU) servers work only with the Anycast domain name

  • June 10, 2024
  • 0 replies
  • 2775 views
Description This article describes that the European (EU) FortiGuard servers work only with the Anycast domain name.
Scope FortiGate v7.0+.
Solution

FortiGuard servers located only in the USA or the European Union through the following commands:

 

config system fortiguard

    set update-server-location [automatic | usa | eu]

end

 

  1. If Anycast is disabled with the Location EU:

config system fortiguard
    set fortiguard-anycast disable
    set update-server-location eu
end

 

It is not possible to take the updates from the FortiGuard servers:

 

Debug commands for FortiGuard:

 

diagnose debug disable

diagnose debug reset

diagnose debug application update -1

diagnose debug console timestamp enable

diagnose debug enable

 

Force FortiGuard update after running debug application update -1:

 

execute update-now

 

If no output is generated after initiating the 'execute update-now', restart the update process by initiating the command 'fnsysctl killall updated'.

 

Result:

 

FGT-1 # 2024-06-07 07:40:05 upd_vm_process[809]-last warning 11 seconds ago
2024-06-07 07:40:05 do_setup[329]-Starting SETUP
2024-06-07 07:40:05 upd_fds_load_default_server[939]-Resolve and add fds euupdate.fortiguard.net ip address failed.
2024-06-07 07:40:05 upd_fds_load_default_server6[1046]-Resolve and add fds euupdate.fortiguard.net ipv6 address failed.
2024-06-07 07:40:05 upd_fds_create_list[1295]-No server found for update[00000001]
2024-06-07 07:40:05 do_setup[333]-Failed setup
2024-06-07 07:40:05 upd_daemon[1974]-Disabling remaining actions 11
execute 2024-06-07 07:40:06 upd_vm_process[809]-last warning 12 seconds ago
2024-06-07 07:40:11 upd_vm_process[809]-last warning 17 seconds ago
2024-06-07 07:40:16 upd_vm_process[809]-last warning 22 seconds ago
2024-06-07 07:40:16 do_setup[329]-Starting SETUP
2024-06-07 07:40:16 upd_fds_load_default_server[939]-Resolve and add fds euupdate.fortiguard.net ip address failed.
2024-06-07 07:40:16 upd_fds_load_default_server6[1046]-Resolve and add fds euupdate.fortiguard.net ipv6 address failed.
2024-06-07 07:40:16 upd_fds_create_list[1295]-No server found for update[00000001]
2024-06-07 07:40:16 do_setup[333]-Failed setup <--
2024-06-07 07:40:16 upd_daemon[1974]-Disabling remaining actions 11
2024-06-07 07:40:17 upd_vm_process[809]-last warning 23 seconds ago

 

  1. If AnyCast is enabled and the Location is EU:


config system fortiguard
    set update-server-location eu
end

 

It is possible to take the updates from the FortiGuard servers:

 

2024-06-07 07:41:59 upd_status_save_status[135]-try to save on status file
2024-06-07 07:41:59 upd_status_save_status[201]-Wrote status file
2024-06-07 07:41:59 __upd_act_update[319]-Package installed successfully
2024-06-07 07:41:59 upd_comm_disconnect_fds[500]-Disconnecting FDS 173.243.142.6:443
2024-06-07 07:41:59 [207] __ssl_data_ctx_free: Done
2024-06-07 07:41:59 [1108] ssl_free: Done
2024-06-07 07:41:59 [199] __ssl_cert_ctx_free: Done
2024-06-07 07:41:59 [1118] ssl_ctx_free: Done
2024-06-07 07:41:59 [1099] ssl_disconnect: Shutdown
2024-06-07 07:41:59 do_update[696]-UPDATE successful <--
2024-06-07 07:43:29 upd_act_report_fmg_list[820]-Starting report FMG LIST.

 

Refer to the following document for the Anycast and Non-Anycast domains: Update server location.

 

Related documents: 

Troubleshooting Tip: Unable to connect to FortiGuard servers.

Anycast
      Terms & ConditionsAccessibility statement