Skip to main content
Marit
Staff
Marit
Staff
September 16, 2025

Technical Tip: Rapid7 VA scan fails with the error message 'Inconclusive host'

  • September 16, 2025
  • 0 replies
  • 389 views
Description This article describes how to resolve VA scan (Rapid7) failures where the scan result shows an 'Inconclusive host' message.
Scope FortiGate, VA scan.
Solution

Use Case:

  • An environment with two FortiGate devices configured with FGCP (FGT-1 Active / FGT-2 Standby).
  • A VA scan is performed on both FortiGates simultaneously.
  • FGT-1 passes the VA scan, while FGT-2 fails, which indicates that Rapid7 was either unable to establish a connection to FGT-2 or received incomplete responses during the scan.

 

Troubleshooting:

Failing over HA and re-scanning does not resolve the issue. FGT-1 continues to pass the VA scan, while FGT-2 continues to fail.

 

Solution 1 (if both FortiGates must be scanned at the same time):

  1. Run a VA scan on both FortiGates.
  2. Collect the results from the Active FortiGate.
  3. In the Rapid7 console, delete the scan result object for the Standby FortiGate.
  4. Perform an HA failover.
  5. Run a VA scan on both FortiGates again.
  6. Collect the results from the new Active FortiGate.

 

Solution 2 (recommended):

  1. Run a VA scan on the Active FortiGate.
  2. Perform an HA failover.
  3. Run a VA scan on the new Active FortiGate.

 

Note: For full details, refer to the Rapid7 documentation:

Troubleshooting “Inconclusive host with excessive port connection failures”
Terms & ConditionsAccessibility statement