Description
This article provides the necessary information changes on FortiManager and FortiAnalyzer to allow the FortiManager to act as a FortiGuard server for the FortiAnalyzer.
Scope
During the initial installation of the new FortiManager/FortiAnalyzer VM is connected to the FortiCare server to download the contract information.
Solution
To set up a new FortiAnalyzer VM.
First, upload the license file.
Then the FortiAnalyzer will try to connect to FortiCare servers.
At this point, one has two options:
- To upload the Entitlement File to the FortiAnalyzer / FortiManager directly.
- To override the settings of the device about the FDS point to a local FortiManager who is acting as a FortiGuard server.
This article will start with the first scenario.
Note: Remember that any change of the IP of the FortiAnalyzer / FortiManager regarding the license will require a new Entitlement File.
Connect through the CLI to upload the Entitlement File (see this guide on how to request account entitlement files).
execute fmupdate ftp import license "Entitlement_filename" "FTP_IP_addr" "/" "ftp_user" "ftp_pwd"
Example of this command:
execute fmupdate ftp import license "EntitlementExport-2022-08-30T190500.229" "10.55.5.220" "/" "test1" "test1"
This operation will replace the current package!
Do you want to continue? (y/n)y
Start getting file from FTP Server...
Transferred 0.002M of 0.002M in 0:00:00s (0.014M/s)
FTP transfer is successful.
Package installation is in process... This could take some time.
Update successfully
Note: Command parameters are case-sensitive. Quotes are always used around the parameters like in this example 'my_Account'.
Update: From version 7.2.2 this process could be made through the Install wizard.
To review whether the upload was successful, use the 'diagnose fmupdate dbcontract' command.
diagnose fmupdate dbcontract
FAZ-VMTMxxxxxxx [SERIAL_NO]
AccountID: user@fortinet.com
Industry:
Company:
Contract: 6
ENHN-1-10-20230831
FMWR-1-06-20230831
FRVS-1-06-20230831
PBDS-1-06-20230831
SOAR-1-06-20230831
SPRT-1-10-20230831
Contract Raw Data:
After this step, the web page of the FortiAnalyzer/FortiManager needs to be reloaded.
Troubleshooting steps:
In this case, it is possible to do a packet capture concerning the selected protocol.
Two CLI console connections will be needed.
The first connection is required to start a packet capture. The second connection will be used to initiate the download of the entitlement file again.
If the selected protocol is TFTP, refer to the example below.
diagnose sniffer packet any 'udp and port 69' 3 0 a
interfaces=[any]
filters=[udp and port 69]
The second option.
First, set up the FortiManager. The version of the FortiManager should be 6.2.x or newer.
config system interface
edit "port2"
set ip 10.55.6.18 255.255.240.0
set serviceaccess fgtupdates fclupdates webfilter-antispam
config ipv6
set ip6-autoconf disable
end
next
config fmupdate service
set query-antispam enable
set webfilter-https-traversal enable
end
To review if the port is open, type the following command:
diagnose fmnetwork netstat list
Active Internet connections (servers and established)
tcp 0 0 :::8890 :::* LISTEN
After taking all of these steps, add the Entitlement File from the GUI (Go to FortiGuard -> Settings -> Service License -> Upload) or upload it through the CLI as shown in the previous section of this article.
diagnose fmupdate dbcontract
--- output omitted ---
This article will help one how to make it:
Operating as an FDS in a closed network
From the FortiAnalyzer set the following commands:
config fmupdate server-override-status
set mode strict
end
config fmupdate fds-setting
config server-override
set status enable
config servlist
edit 1
set ip 10.55.6.18 <---- FortiManager IP.
set port 8890
next
end
end
end
To review whether the settings are correct, use the command below.
diagnose fmupdate view-serverlist fds
Fortiguard Server Comm : Enabled
Server Override Mode : Strict
FDS server list :
Index Address Port TimeZone Distance Source
------------------------------------------------------------------------------------------------------
*0 10.55.6.18 8890 1 0 CLI
If a second connection is kept to the FortiAnalyzer through CLI the FDS connectivity log can be observed with the command below:
diagnose fmupdate view-linkd-log fds
2022/09/01_12:14:53.857 info fds_svrd[1003]: Send subshm update notification to fgdsvrd
2022/09/01_12:14:53.860 warn fds_svrd[1003]: *** Set forticlient max number: 50000
2022/09/01_12:14:53.860 info fds_svrd[1003]: update_downstream_fct_fect, 543: update file /var/fds/data/downstream_fct_fect.dat
2022/09/01_12:15:03.970 info fds_svrd[1003]: Start fds client session to '10.55.6.18:8890', task = SELPOLL svc=0
2022/09/01_12:15:03.990 info fds_svrd[1003]: [FMG-->FDS] Request: Protocol=4.0|Command=SelectivePoll|Firmware=FAZVM64-FW-7.02-1215|SerialNumber=FAZ-VMTM22011525|Persistent=false|DataItem=01000000CATL00000-00000.00000-0000000000*00000000FDNI00000-00000.00000-0000000000*04000000OBLT00000-00000.00000-0000000000*03001000SRUL00000-00000.00000-0000000000*03001000BREG00000-00000.00000-0000000000*01000000BLDV00000-00000.00000-0000000000*01000000OBJL00000-00000.00000-0000000000*01000000FMGI00000-00000.00000-0000000000*00000000IMLT00000-00000.00000-0000000000*01000000ALCI00000-00000.00000-0000000000|AcceptDelta=0|ContractItem=FAZ-VMTM22011525|__FMG2FMGVersion=1.0|__FMG2FMGService=FGT^M ^M
2022/09/01_12:15:04.041 info fds_svrd[1003]: FCP_CONN:: receiving package: num_objects=1 total_size=240
2022/09/01_12:15:04.041 info fds_svrd[1003]: FCP_CONN:: received object: id=04000000FCPR00000 ver=00000.00000-0000000000 size=112
2022/09/01_12:15:04.041 info fds_svrd[1003]: [FDS-->FMG] Response: Protocol=4.0|Firmware=FMG-VM64-FW-6.04-2253|SerialNumber=FMG-VMTMxxxxxx|Response=400|Persistent=false^M ^M
2022/09/01_12:15:04.041 error fds_svrd[1003]: Got error response from fds: code = 400
2022/09/01_12:15:04.042 info fds_svrd[1003]: Check update with fds 10.55.6.18 SUCCESS
During the first connection to the FortiManager is normal to receive the error code 400.
To overcome this, it is necessary to restart the service.
diagnose fmupdate service-restart fds
This operation will restart the selected service.
Do you want to continue? (y/n)y
diagnose fmupdate view-linkd-log fds
2022/09/01_12:19:45.415 info fds_svrd[1003]: Start fds client session to '10.55.6.18:8890' by indicated request.
2022/09/01_12:19:45.433 info fds_svrd[1003]: [FMG-->FDS] Request: Protocol=3.0|Command=VMSetup|Firmware=FAZVM64-FW-7.02-1215|SerialNumber=FAZ-VMTM22011525|Uid=bb133442-db28-7dbb-f960-273d7ec41fd6|Language=en-US|UpdateMethod=1|__FMG2FMGVersion=1.0|__FMG2FMGService=FGT^M ^M
2022/09/01_12:19:45.556 info fds_svrd[1003]: FCP_CONN:: receiving package: num_objects=1 total_size=240
2022/09/01_12:19:45.556 info fds_svrd[1003]: FCP_CONN:: received object: id=04000000FCPR00000 ver=00000.00000-0000000000 size=112
2022/09/01_12:19:45.557 info fds_svrd[1003]: [FDS-->FMG] Response: Protocol=3.0|Firmware=FMG-VM64-FW-6.04-2253|SerialNumber=FMG-VMTMxxxxx|Response=200|Persistent=false^M ^M
2022/09/01_12:19:45.557 info fds_svrd[1003]: Send setup to fds 10.55.6.18 SUCCESS
Related articles:
