Skip to main content
Andrew3791
Andrew3791
New Member
April 24, 2012
Question

Not able to resolve DNS - Registration License unreachable

  • April 24, 2012
  • 4 replies
  • 15657 views
Hi, The FG-100D units are in a A-P HA cluster on v4 MR3 Patch 6 firmware. I am trying to set the main DNS server in System -> Network -> DNS -> Primary and Secondary DNS Server entries. The problem is that these DNS Server IPs are pingable from the CLI, and traceroute shows they go from WAN1 -> local internet gateway router and pings external DNS server, but when I try and execute a ping with a DNS FQDN (e.g. www.google.com) this cannot resolve. I have hosts in internal subnets behind the firewall using the DNS and resolving queries and accessing the web ok, so this appears to be an issue only from FGT units. The License Registration details cannot be obtained or updates received because this cannot access Fortinet online services. Can anyone help me out with some guidance on where to next? Thank you.

    4 replies

    Carl_Wallmark
    Carl_Wallmark
    New Member
    April 24, 2012
    Hi, Check the release notes, i have read something about the FG100D have a missconfigured management vdom as default, and the solution was something like: config system global set management-vdom root end
      Carl_Wallmark
      Carl_Wallmark
      New Member
      April 24, 2012
      Found it: FortiOS v4.0 MR3 Patch Release 6 introduces support for the FortiGate-100D platform. Included with this model is a special purpose management port that operates on its own virtual domain (VDOM). An issue exists with this feature whereby FortiCare registration fails when initiated from the FortiGate device if this port is connected to the Internet and thus FortiGuard and FortiCare. Upgrading the FortiOS image from its factory default image (build 4083) to FortiOS v4.0 MR3 Patch Release 6 or later does not switch the management VDOM. You must change the management VDOM from the default setting to the root VDOM. To do this, use the following CLI commands: config system global set management-vdom root end
        Andrew3791
        Andrew3791Author
        New Member
        April 24, 2012
        What can I say - you must have a Photographic memory. This has worked, so Ping now works, it looks like the registration is starting to function, and we were having issues with Syslog to a remote syslog server so i' m off to check if this is fixed now too. Thank you!!! You are a life saver.
        Carl_Wallmark
        Carl_Wallmark
        New Member
        April 24, 2012
        No problem ;) Why read a book in bed when you can read a FortiGate manual 100 times
        CG_5766
        CG_5766
        New Member
        June 29, 2012
        Thank you - this resolved my issue. First time experiencing registration issues. Opened support request and Fortinet Support response was to wait minimum of 48 hrs for registration process - have never seen it take more then 30 minutes. Thanks again for sharing
        Terms & ConditionsAccessibility statement