pollognr911
New Member
October 18, 2024
Solved

Fortigate 100F does not sync with FortiCloud


Dear, please help me in this case:

I have a Fortigate 100F which was returned to the factory and configured as an edge in another datacenter.

The internet provider gave us a private WAN IP x.x.x.x; but to go out to the internet, we must do it through a secondary WAN IP y.y.y.y.

The Firewall was already registered in FortiCloud before the factory reset. Currently it appears registered in FortiCloud.

The system information on the dashboard confirms the WAN IP y.y.y.y; but when trying to connect to FortiCloud it gives us "FortiGate Cloud Internal Error".

When generating a PING using the CLI with the source-ip y.y.y.y to the service.fortiguard.net URL, I do manage to reach it, but when I connected to the internet, it gives me the aforementioned error.

When reviewing the traffic I see that in the rule Implicit Deny the origin y.y.y.y with destination to the Fortinet DNS, port TCP/853 is accepted.

 

Best answer by AnthonyH

3 replies

AnthonyH
Staff
Answer
October 18, 2024

Hello pollognr911,

Could you have a look at this article where you can set the source IP for FortiGate to FortiCloud:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-source-IP-address-on-FortiGate-to/ta-p/195504

If it does not work, can you run the following debugs and paste the output here:
diagnose test application forticldd 1

dia debug en

pollognr911
New Member
October 21, 2024

Dear, thank you very much for your help.

When performing the indicated tests, I detected that log fortiguard setting was disabled, so I enabled it and then configured it with the secondary WAN IP and managed to connect. This option in other firewalls is enabled by default.

FortiArt
Staff
October 18, 2024

Would you please confirm if the following is what you've configured on the FortiGate:

config system central-management
set type fortiguard
end

In addition you can check this troubleshooting article:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiCloud-connection-failure/ta-p/196104

Hope this helps

pollognr911
New Member
October 21, 2024

Dear, thank you very much for your help. When performing the indicated tests, I detected that log fortiguard setting was disabled, so I enabled it and then configured it with the secondary WAN IP and managed to connect. This option in other firewalls is enabled by default.

Mrinmoy
Staff
October 19, 2024

You can try to force the traffic via wan2. For example:

config system fortiguard
set interface-select-method specify
set interface wan2
set source-ip 1.2.3.4
end

pollognr911
New Member
October 21, 2024

Dear, thank you very much for your comment. I had performed this test before with the information found in various forums, but the problem persisted. The solution was as indicated above: the fortiguard log was disabled.