Troubleshooting Tip: License status: 'no license' for antispam and virus outbreak

If the license status of the antivirus/antispam shows as 'no license', make sure the below ports are opened on the Firewall and that there are no upstream devices blocking the traffic.

• FortiGuard Antispam rating queries: UDP/53, UDP/8888, TCP/53, TCP/443, TCP/8888.
• FortiGuard Antivirus push updates: UDP/9443.
• FortiGuard Antispam or Antivirus updates: TCP/443,TCP/8890.
  
  

All these ports need to be allowed on the firewall. Note: Sometimes the upstream ISP or router will have to check on UDP port 53 traffic, and if it is not DNS traffic, it might block it. It means that traffic could still be blocked after the firewall.

As a result, other ports can be used except for UDP/53 for antispam traffic to bypass this kind of check.

If it is necessary to check the port configuration on FortiMail, the following steps should be followed.

1. From the GUI, go to System -> FortiGuard.
2. Go to the Antivirus tab and change the port configuration using the 'FortiGuard server port' section.

Alternatively, if it is necessary to update antispam, go to the Antispam tab and change the port configuration using the 'FortiGuard server protocol' and 'FortiGuard server port' sections.

Check the following steps for antivirus port configuration.

Check the following areas for antispam port configuration.

Additionally, use the following commands to troubleshoot the 'no license' issue, as follows:

Test connectivity with FortiGuard:

execute ping service.fortiguard.net
execute nslookup name service.fortiguard.net
execute nslookup name fds1.fortinet.com

Check the output of the following commands:

get system status
diagnose autoupdate versions
diagnose debug rating
diagnose debug enable
diagnose debug application updated level 7
execute update now

To disable debug mode, execute the following command:

diagnose debug disable