FortiClient
jkoay
Staff
Article Id 384072
Description

This article describes a scenario where FortiClient's telemetry enters a 'Not reachable' state because it fails to connect to the EMS cloud when DNS is blocked by the application firewall.

Scope

FortiClient.

Solution

The FortiClient application firewall can block DNS resolution from FortiClient to the EMS cloud FQDN, forticlient-emsproxy.forticloud.com, if the application firewall is enabled in the application firewall endpoint profile and an EMS administrator has configured it to block the entire Network.Service category.

When this happens, FortiClient's telemetry enters the 'Not reachable' state.

[Screenshot: Not reachable status.png]

To verify whether it is a DNS resolution issue, review the FortiESNAC error logs. They will indicate that FortiClient failed to resolve the server address 'fct-FCTUID-tokencode-8013.forticlient-emsproxy.forticloud.com', as shown below:


[2025-03-24 09:58:36.3480588 UTC+08:00] [1324:1396] [FortiESNAC 974 error] Could not contact the current server - backing up server address and trying other available servers
[2025-03-24 09:59:18.7873487 UTC+08:00] [1324:1396] [FortiESNAC 269 error] Failed to resolve server address fct-FCTUID-tokencode-8013.forticlient-emsproxy.forticloud.com(11001): No such host is known.
[2025-03-24 09:59:18.7875012 UTC+08:00] [1324:1396] [FortiESNAC 974 error] Could not contact the current server - backing up server address and trying other available servers
[2025-03-24 10:01:11.2574916 UTC+08:00] [1324:6252] [FortiESNAC 332 error] Failed to upload quarantined files
[2025-03-24 10:02:15.3751890 UTC+08:00] [1324:1396] [FortiESNAC 269 error] Failed to resolve server address fct-FCTUID-tokencode-8013.forticlient-emsproxy.forticloud.com(11001): No such host is known.
[2025-03-24 10:02:15.3753343 UTC+08:00] [1324:1396] [FortiESNAC 974 error] Could not contact the current server - backing up server address and trying other available servers
[2025-03-24 10:02:57.9213137 UTC+08:00] [1324:1396] [FortiESNAC 269 error] Failed to resolve server address fct-FCTUID-tokencode-8013.forticlient-emsproxy.forticloud.com(11001): No such host is known.
[2025-03-24 10:02:57.9214414 UTC+08:00] [1324:1396] [FortiESNAC 974 error] Could not contact the current server - backing up server address and trying other available servers
[2025-03-24 10:03:40.9870433 UTC+08:00] [1324:1396] [FortiESNAC 269 error] Failed to resolve server address fct-FCTUID-tokencode-8013.forticlient-emsproxy.forticloud.com(11001): No such host is known.
[2025-03-24 10:03:40.9873230 UTC+08:00] [1324:1396] [FortiESNAC 974 error] Could not contact the current server - backing up server address and trying other available servers
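
The check described above can be run over a saved FortiESNAC log. The following is an added example, not part of the original article or Fortinet tooling; the function names and the failure threshold are assumptions, and the sample lines follow the excerpt's layout with one constructed line for an unrelated host.

```python
import re

# Layout seen in the excerpt: [timestamp] [pid:tid] [FortiESNAC <code> <level>] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[\d+:\d+\] \[FortiESNAC (?P<code>\d+) (?P<level>\w+)\] (?P<msg>.*)$"
)
# Resolver failure text: "<host>(<Winsock error>): <description>"
RESOLVE_RE = re.compile(r"^Failed to resolve server address (?P<host>[^\s(]+)\((?P<err>\d+)\)")
EMS_CLOUD_SUFFIX = ".forticlient-emsproxy.forticloud.com"
WSAHOST_NOT_FOUND = 11001  # Winsock code behind "No such host is known"


def summarize_dns_failures(lines):
    """Map each EMS cloud host to its count and first/last time of 11001 failures."""
    summary = {}
    for line in lines:
        entry = LINE_RE.match(line.strip())
        if not entry:
            continue  # blank or differently formatted line
        failure = RESOLVE_RE.match(entry["msg"])
        if not failure or int(failure["err"]) != WSAHOST_NOT_FOUND:
            continue
        host = failure["host"].lower()
        if not host.endswith(EMS_CLOUD_SUFFIX):
            continue  # resolution failure for some other server
        stats = summary.setdefault(host, {"count": 0, "first": entry["ts"], "last": entry["ts"]})
        stats["count"] += 1
        stats["last"] = entry["ts"]  # log is chronological, so the latest match wins
    return summary


def suspected_dns_block(summary, min_failures=3):
    """Hosts that failed to resolve at least min_failures times (threshold is an assumption)."""
    return sorted(h for h, s in summary.items() if s["count"] >= min_failures)


# Sample input in the excerpt's layout; the ems.example.internal line is constructed.
SAMPLE_LOG = """\
[2025-03-24 09:58:36.3480588 UTC+08:00] [1324:1396] [FortiESNAC 974 error] Could not contact the current server - backing up server address and trying other available servers
[2025-03-24 09:59:18.7873487 UTC+08:00] [1324:1396] [FortiESNAC 269 error] Failed to resolve server address fct-FCTUID-tokencode-8013.forticlient-emsproxy.forticloud.com(11001): No such host is known.
[2025-03-24 10:00:00.0000000 UTC+08:00] [1324:1396] [FortiESNAC 269 error] Failed to resolve server address ems.example.internal(11001): No such host is known.
[2025-03-24 10:02:15.3751890 UTC+08:00] [1324:1396] [FortiESNAC 269 error] Failed to resolve server address fct-FCTUID-tokencode-8013.forticlient-emsproxy.forticloud.com(11001): No such host is known.
[2025-03-24 10:02:57.9213137 UTC+08:00] [1324:1396] [FortiESNAC 269 error] Failed to resolve server address fct-FCTUID-tokencode-8013.forticlient-emsproxy.forticloud.com(11001): No such host is known.
""".splitlines()

if __name__ == "__main__":
    result = summarize_dns_failures(SAMPLE_LOG)
    for host in suspected_dns_block(result):
        print(host, result[host])
```

A flagged host only shows that name resolution for the EMS cloud FQDN keeps failing; whether the application firewall is the cause still has to be confirmed against the endpoint profile in EMS.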

 

To resolve this issue, go to Endpoint Profiles -> Application Firewall, edit the affected firewall profile, and under Application Overrides add the DNS application signature with Action set to Allow, as shown below:

[Screenshot: Application override.png]
