Skip to main content
smkml
Staff
smkml
Staff
May 18, 2026

Troubleshooting Tip: Service status shows as 'Pending' for FortiGate HA under FortiGuard

  • May 18, 2026
  • 0 replies
  • 121 views

Description


This article describes how to troubleshoot a status that persistently shows as Pending for an HA FortiGate under FortiGuard -> Packages -> Service Status.

b10dafee.png


Scope


FortiManager and FortiGate.


Solution


Make sure FortiGate has a valid license with the same subscriptions for the Primary and Secondary unit(s), if High Availability was configured.

To resolve connectivity or configuration issues when FortiManager acts as a FortiGuard server for FortiGate, see this article: Technical Tip: FortiGate configuration for using FortiManager as local FDS.

Hover over the Pending status to understand which Object ID shows the difference.

1b75cb1f.png


Alternatively, view this information in the CLI by using the following command:

# diagnose fmupdate show-dev-obj

DEVICE(SN:FGVM01000xxxx):
ID                 Status      DeviceVer    ServerVer    PreferVer    License     LicenseType    Description          FMGI
--                 ------      ---------    ---------    ---------    -------     -----------    -----------          ----
07004000IPGO00000  up-to-date  00003.00331  00003.00331  00000.00000  valid       FMWR           GeoIP Country Level  IP Geo DB

DEVICE(SN:FGVM01TMxxx,flags:[ha-slave]):
ID                 Status      DeviceVer    ServerVer    PreferVer    License     LicenseType    Description          FMGI
--                 ------      ---------    ---------    ---------    -------     -----------    -----------          ----
07004000IPGO00000  pending     00003.00330  00003.00331  00000.00000  valid       FMWR           GeoIP Country Level  IP Geo DB


When performing an 'execute update-now' command on FortiGate with the debug command 'diagnose debug application update -1' enabled, note the difference of the IP GEO DB nomenclature with AV Encyclopedia (AVEN), Advanced Malware Protection (AVDB) and others.

upd_cfg_extract_sfas_version[789]-version=07004000SFAS00000-00005.00058-2604150208
pack_obj[186]-Packing obj=Protocol=3.2|Command=Update|Firmware=FGVMK6-FW-7.04-2795|SerialNumber=FGVM010xxx|UpdateMethod=0|AcceptDelta=1|Uid=04cf162ee63f483a833bb745328c7c84|

DataItem=
07004000AVEN02800-00007.00041-2503282205*
07004000AVDB00201-00093.07176-2605142131*
07004000AVDB00701-00093.07176-2605142131*
07004000AVDB01901-00004.04276-2605142145*
00000000FCNI00000-00000.00000-0000000000*
00000000FDNI00000-00000.00000-0000000000*
07004000FLEN07600-00007.00600-2602242019* 
07004000IPGO00000033312605051048* >>>>>>>>>>>>>>>>>>>>>> IP GEO DB nomenclature
07004000FFDB02008-00007.04442-2605131234*
07004000UWDB00100-00004.00954-2605140202*
07004000CRDB00000-00001.00063-2603200107*
07004000MMDB00101-00093.07176-2605142135*


The nomenclature format is outdated and cannot be sent to FortiManager. Resolve this by removing the um2 database with the following command:

diagnose fmupdate fgt-del-um-db um2.db


This command only removes device object info and will not reboot the FortiManager. Once the command has run, perform the manual update from FortiGate again and check the Service status afterward.

806db3ef.png

    Terms & ConditionsAccessibility statement