Skip to main content
6sITdept
6sITdept
Visitor III
January 28, 2019
Question

New ISP causes subscriptions to become unavailable

  • January 28, 2019
  • 1 reply
  • 3880 views

We have a Fortigate 100D, firmware 5.4.6.

We are in the process of changing our ISP.  Our older ISP is plugged into WAN1.  We set up the new ISP to WAN2.  Everything was working correctly so we unplugged the ISP from WAN1 so everything would go through WAN2. The next day all the internal users were having problems getting to the internet.  When we checked the firewall, our subscriptions (support contract, IPS & Application control, Antivirus, webfilter, anti-spam) were all "unavailable".   

So we ended up putting the older ISP back and after a while, the licenses started reappearing. and the FW worked normally.

 

It seems like the FW is trying to go out WAN1 to determine if the licenses are valid.  But I don't know what else it can be.

Anyone have this problem?  and is there a solution?

Thank you.

1 reply

Hosemacht
Hosemacht
Explorer
January 29, 2019

Hey there,

 

first try to set the Fortiguard filtering port from 53 to 8888 (Maybe you new isp is Blocking the dns port)

if that doesnt work set the ip of self originated traffic for FortiGuard Services to the ip from WAN2.

 

https://help.fortinet.com...iginated%20traffic.htm

Dave_Hall
Dave_Hall
New Member
January 29, 2019

Changing ISPs and/or rebooting the fgt will sometimes cause a delay in the fgt contacting the Fortiguard servers.  As an age-old remedy there use to be an old KB article detailing the steps to take, similar to this one. - assuming you are either using public DNS servers or use the DNS settings for the new ISP, I would attempt to force update the AV/IPS definitions then check the System log to see if an update went through - then check to see if the fgt successfully contacted the fortiguard servers.  Failing that, I would try (as Robert above suggested) changing the connection port (53 or 8888).

 

Remember that the fgt needs a successfully working DNS for it to reach the Fortiguard servers.

Terms & ConditionsAccessibility statement