Description
This article describes how to resolve the FortiAnalyzer map server connectivity issue.
Scope
FortiAnalyzer.
Solution
- When editing a device in FortiAnalyzer Device Manager, an error message 'Cannot connect to the map server' will be shown if FortiAnalyzer does not have proper Internet access and DNS resolution.
-
FortiAnalyzer requires external connectivity over TCP port 443 (HTTPS) along with proper DNS resolution in order to communicate with the map server domain.
The user may use the Google DNS temporarily and verify if FortiAnalyzer can resolve the DNS.
config system dns
set primary 8.8.8.8
end
-
Once Fortianalyzer has proper Internet access as well as the correct DNS resolution, validate it by pinging the map server domain.
execute ping mapserver.fortinet.com
execute ping maps.googleapis.com -
Once FortiAnalyzer can successfully resolve the map server domain, the device location should be updated accordingly.
If the device location is yet to be updated, the user may reboot the FortiAnalyzer and verify the result again.
Troubleshooting info:
execute tac reportdiagnose system geoip info
diagnose system geoip-city info
diagnose system geoip-city ip 8.8.8.8
