Skip to main content
btey
Staff & Editor
btey
Staff & Editor
April 15, 2021

Troubleshooting Tip: Connection to Firmware Update server

  • April 15, 2021
  • 0 replies
  • 4073 views

Description

 

This article describes how to troubleshoot/verify the connection from FortiGate to Firmware Update server.

 

Scope

 

FortiGate.

Solution

 

  1. Ensure the firewall can resolve the IP address for the hostname globalupdate.fortinet.net.

 

execute ping globalupdate.fortinet.net

 

If it is unable to resolve the hostname to an IP address, check the status of the DNS servers on FortiGate.

 

  1. Use the following command to capture the debug log:

 

diagnose debug disable
diagnose debug reset
diagnose debug application forticldd
diagnose debug enable

 

To stop the debugging:

 

diagnose debug disable

diagnose debug reset

 

Once the debug is enabled, it will be possible to access to System -> Firmware and execute 'Backup config and upgrade'.

The example debug output as below:

 

[483] fds_https_connect: https_connect(96.45.33.85:443) is established.
[288] fds_svr_default_on_established: fdni has connected to ip=96.45.33.85:443
[295] fds_svr_default_on_established: server-fdni handles cmd-2
[1314] img_untar_req: image=[06004000FIMG0013704005], outfile=[/tmp/fdsm.out]
[128] fds_pack_objects: number of objects: 1
[98] fds_print_msg: FCPC: len=133
[105] fds_print_msg: Protocol=2.0
[105] fds_print_msg: Command=SelectiveUpdate
[105] fds_print_msg: Firmware=FGVMK6-FW-6.04-1803
[105] fds_print_msg: SerialNumber=FGVMXXXXXXXXXX
[105] fds_print_msg: DataItem=06004000FIMG0013704005
[98] fds_print_msg: http req: len=260
[105] fds_print_msg: POST https://96.45.33.85:443/FCPService/FirmwareUpgrade HTTP/1.1
[105] fds_print_msg: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
[105] fds_print_msg: Host: 96.45.33.85:443
[105] fds_print_msg: Cache-Control: no-cache
[105] fds_print_msg: Connection: close
[105] fds_print_msg: Content-Type: application/octet-stream
[105] fds_print_msg: Content-Length: 325
[487] fds_https_connect: http request to 96.45.33.85:443: header=260, ext=325.
[227] fds_https_send: sent 260 bytes: pos=0, len=260

 

Check the debug log for any issues that may have occurred during the download process.

Example:

 

[465] fds_send_reply: Sending 4 bytes data.
[489] fds_send_reply: send reply failed: req-2, Connection refused
[203] __ssl_data_ctx_free: Done
[1046] ssl_free: Done
[195] __ssl_cert_ctx_free: Done
[1056] ssl_ctx_free: Done
[1037] ssl_disconnect: Shutdown
[421] fds_free_tsk: cmd=2; req.noreply=1

 

Related article: 

Troubleshooting Tip: Unable to connect to FortiGuard servers

Terms & ConditionsAccessibility statement