FortiGate
ahameed
Staff
Description
This article describes how to resolve the internal server error that appears when activating a FortiCloud account on FortiGate. The error is mostly encountered because the FortiGate is either unable to resolve host names or unable to reach the FortiGuard services.


Scope
Activating cloud-based logging and reporting on FortiGate.

Solution
Verify that the FortiGate can resolve host names and reach the FortiGuard servers.

Open the CLI of the FortiGate and run the following commands.

1)  execute ping-options source <ip address of the wan interface>

Then ping:
execute ping service.fortiguard.net

Unable to resolve hostname.

2)  Go to Network > DNS, change the DNS server to 'Use FortiGuard Servers', and apply.

3)  Repeat step (1)
execute ping service.fortiguard.net

PING guard.fortinet.net (208.91.112.194): 56 data bytes
64 bytes from 208.91.112.194: icmp_seq=0 ttl=55 time=247.3 ms
64 bytes from 208.91.112.194: icmp_seq=1 ttl=55 time=246.1 ms
64 bytes from 208.91.112.194: icmp_seq=2 ttl=55 time=246.5 ms
64 bytes from 208.91.112.194: icmp_seq=3 ttl=55 time=251.4 ms
64 bytes from 208.91.112.194: icmp_seq=4 ttl=55 time=245.8 ms
If the FortiGate still cannot reach service.fortiguard.net, proceed to step 4.

4)  Set the FortiGuard source IP address to the IP address of the WAN interface. If multiple WAN interfaces are used, use the one which works with the command in step (1).
config system fortiguard
set source-ip <IP address of the WAN interface which can reach service.fortiguard.net>
end

5)  Repeat step (1) to verify. If successful, attempt to activate the FortiCloud account again.
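
The decision points in steps 1 to 5, as an added example that is not part of the original article or Fortinet tooling: a Python helper that reads a saved 'execute ping' transcript and reports which step to try next. The function name, result fields and the no-reply sample are assumptions made for illustration; matching relies only on the output lines shown above.

```python
import re

# Patterns follow the FortiGate CLI output lines shown in this article.
RESOLVE_FAIL = "Unable to resolve hostname"
HEADER = re.compile(r"^PING (\S+) \(([\d.]+)\)")
REPLY = re.compile(r"^\d+ bytes from ([\d.]+): icmp_seq=\d+ ttl=\d+ time=([\d.]+) ms")

def triage_ping(transcript):
    """Classify a saved 'execute ping' transcript and name the article step to try next."""
    resolved_ip, rtts = None, []
    for raw in transcript.splitlines():
        line = raw.strip()
        if RESOLVE_FAIL in line:
            # Name resolution failed: change the DNS servers (step 2).
            return {"status": "dns_failure", "next_step": 2, "replies": 0}
        header = HEADER.match(line)
        if header:
            resolved_ip = header.group(2)
            continue
        reply = REPLY.match(line)
        if reply:
            rtts.append(float(reply.group(2)))
    if rtts:
        # Replies received: retry the FortiCloud activation (step 5).
        return {"status": "reachable", "next_step": 5, "replies": len(rtts),
                "ip": resolved_ip, "avg_rtt_ms": round(sum(rtts) / len(rtts), 1)}
    if resolved_ip:
        # Name resolved but nothing answered: set the FortiGuard source-ip (step 4).
        return {"status": "unreachable", "next_step": 4, "replies": 0, "ip": resolved_ip}
    # No ping output at all: rerun the test from step 1.
    return {"status": "no_ping_output", "next_step": 1, "replies": 0}

# Sample transcripts: the first two reuse lines from this article, the third is constructed.
DNS_FAIL = "execute ping service.fortiguard.net\nUnable to resolve hostname.\n"
REACHABLE = """PING guard.fortinet.net (208.91.112.194): 56 data bytes
64 bytes from 208.91.112.194: icmp_seq=0 ttl=55 time=247.3 ms
64 bytes from 208.91.112.194: icmp_seq=1 ttl=55 time=246.1 ms
64 bytes from 208.91.112.194: icmp_seq=2 ttl=55 time=246.5 ms
64 bytes from 208.91.112.194: icmp_seq=3 ttl=55 time=251.4 ms
64 bytes from 208.91.112.194: icmp_seq=4 ttl=55 time=245.8 ms
"""
NO_REPLY = "PING guard.fortinet.net (208.91.112.194): 56 data bytes\n"

if __name__ == "__main__":
    for name, text in (("dns", DNS_FAIL), ("ok", REACHABLE), ("silent", NO_REPLY)):
        print(name, triage_ping(text))
```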
