FortiGate
SAJUDIYA
Staff
Article Id 270794
Description

This article describes a case in which the error 'unable to connect to FortiGuard server' does not appear anywhere in the GUI, yet traffic is denied by UTM.

 

The system dashboard shows no error and the license status shows as valid.

 

The issue is found under Logs & Monitor -> Forward Traffic, where sessions are logged as denied by UTM with the message 'All FortiGuard servers failed to respond.'

 

[Image: forward traffic log entry, UTM denied, 'All FortiGuard servers failed to respond']

Scope
Any version.
Solution

In this case the GUI does not surface the problem: neither the dashboard nor the FortiGuard page shows an error, so the FortiGuard section cannot be used to spot it.

 

Verify with the update daemon debug instead; the errors below can be seen:

 

diagnose debug reset
diagnose debug application update -1
diagnose debug enable

 

upd_comm_connect_fds[474]-Failed TCP connect  
upd_comm_connect_fds[459]-Trying FDS 173.243.138.67:443  
tcp_connect_fds[269]-Failed connecting after sock writable  
upd_comm_connect_fds[474]-Failed TCP connect  
do_update[672]-UPDATE failed 

 

The failed TCP connect to the FDS server on port 443 shows that the FortiGate cannot reach FortiGuard over HTTPS. To confirm this on the rating side, check the 'diagnose debug rating' output, which will look like the following:

 

diagnose debug rating
Locale       : spanish

Service      : Web-filter
Status       : Enable
License      : Contract

Service      : Antispam
Status       : Enable
License      : Contract

Service      : Virus Outbreak Prevention
Status       : Disable

Num. of servers : 1
Protocol        : https
Port            : 443
Anycast         : Enable
Default servers : Included

-=- Server List (Mon Jun 26 17:31:57 2023) -=-

IP                                             Weight    RTT Flags   TZ   FortiGuard-requests  Curr Lost Total Lost   Updated Time
2620:101:9000:140:173:243:140:16                    0      0 DIF      0                 49408      49407      49407

 

In the output above only one server is listed, and its flags (DIF) include F, which marks a server the FortiGate could not reach. The counters confirm it: 49407 of 49408 FortiGuard requests are recorded as lost. With anycast enabled this single entry is the only server, so once it fails there is nothing to fall back to and every rating lookup fails, which is exactly what the forward traffic log reports as 'All FortiGuard servers failed to respond'.
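Reading that table by eye is fine for one server but tedious for a thirty-entry unicast list, so here is an added example (not Fortinet's code, and not part of the original article) that parses a pasted 'diagnose debug rating' capture and reports whether the state just described is present: every listed server flagged F, which is the condition behind the UTM denial. The two sample captures inside it are constructed from the article's own output, the one above and the post-anycast-change one shown later in the article; the 192.0.2.10 row is an invented healthy server standing in for the rest of the 30-entry list, and treating Curr Lost divided by FortiGuard-requests as a loss ratio is an assumption.

```python
"""Parse a pasted 'diagnose debug rating' capture and spot the all-servers-failed state.

Added example, not Fortinet's code. Samples are constructed from the article's
output; the 192.0.2.10 row is an invented healthy server, and reading 'Curr Lost'
against 'FortiGuard-requests' as a loss ratio is an assumption.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Row: IP Weight RTT Flags TZ FortiGuard-requests Curr-Lost Total-Lost [Updated Time]
# Flags may be run together ('DIF') or split by column spacing ('D FT').
_ROW = re.compile(
    r"^(?P<ip>[0-9A-Fa-f.:]+)\s+(?P<weight>\d+)\s+(?P<rtt>\d+)\s+"
    r"(?P<flags>(?:[DIFT]+\s+)*[DIFT]+)?\s*(?P<tz>-?\d+)\s+"
    r"(?P<requests>\d+)\s+(?P<curr_lost>\d+)\s+(?P<total_lost>\d+)"
    r"(?:\s+(?P<updated>\S.*))?$"
)
# 'Key : value' lines such as 'Anycast : Enable' or 'Num. of servers : 1'.
_SETTING = re.compile(r"^(?P<key>[A-Za-z. ]+?)\s*:\s*(?P<value>.+?)\s*$")


@dataclass
class Server:
    ip: str
    flags: str          # flag letters with column spacing removed, e.g. 'DFT'
    requests: int
    curr_lost: int
    updated: str | None

    @property
    def failed(self) -> bool:
        return "F" in self.flags   # F marks a server the FortiGate could not reach

    @property
    def loss_ratio(self) -> float:
        return self.curr_lost / self.requests if self.requests else 0.0


@dataclass
class RatingReport:
    settings: dict[str, str] = field(default_factory=dict)
    servers: list[Server] = field(default_factory=list)


def parse_rating(text: str) -> RatingReport:
    """Split a capture into 'Key : value' settings and server rows."""
    report = RatingReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = _ROW.match(line)
        if m:
            report.servers.append(Server(
                ip=m["ip"], flags=(m["flags"] or "").replace(" ", ""),
                requests=int(m["requests"]), curr_lost=int(m["curr_lost"]),
                updated=m["updated"]))
            continue
        m = _SETTING.match(line)
        if m:                           # banner and column-header lines fall through
            report.settings[m["key"].strip()] = m["value"]
    return report


def assess(report: RatingReport) -> dict:
    """Summarise reachability; all_failed is the state behind the UTM denial."""
    servers = report.servers
    failed = [s.ip for s in servers if s.failed]
    return {
        "protocol": report.settings.get("Protocol"),
        "port": report.settings.get("Port"),
        "anycast": report.settings.get("Anycast", "").lower() == "enable",
        "declared_servers": int(report.settings.get("Num. of servers", len(servers))),
        "listed_servers": len(servers),   # fewer than declared: the paste was cut off
        "failed_servers": failed,
        "usable_servers": [s.ip for s in servers if not s.failed],
        "all_failed": bool(servers) and len(failed) == len(servers),
        "worst_loss": max((s.loss_ratio for s in servers), default=0.0),
    }


# Constructed from the article's first capture: anycast, one server, flags DIF.
BEFORE_ANYCAST = """\
Num. of servers : 1
Protocol        : https
Port            : 443
Anycast         : Enable
-=- Server List (Mon Jun 26 17:31:57 2023) -=-
IP        Weight    RTT Flags   TZ   FortiGuard-requests  Curr Lost Total Lost   Updated Time
2620:101:9000:140:173:243:140:16    0      0 DIF      0      49408      49407      49407
"""

# Constructed from the second capture (anycast off); the 192.0.2.10 row is invented.
AFTER_UNICAST = """\
Num. of servers : 30
Protocol        : udp
Port            : 8888
Anycast         : Disable
208.184.237.61    35    321 D FT    -8    230    224    224 Wed Aug 16 22:39:53 2023
208.184.237.62    40    284   FT    -8     92     84     84 Wed Aug 16 22:39:53 2023
192.0.2.10        40    120 DI      -8    500      2      2 Wed Aug 16 22:39:53 2023
"""
```

Call `assess(parse_rating(capture))` on a real paste. For the first sample it reports `all_failed` True with one listed server; for the second it reports two failed servers but `all_failed` False, and `declared_servers` 30 against `listed_servers` 3, which is the tell that the paste was cut off before the end of the list.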

 

This points to a problem with the availability of the filtering service. The urlfilter process can be restarted to check whether the device can then connect to FortiGuard:



diagnose test application urlfilter 99
diagnose debug rating

 

Alternatively, FortiGuard anycast can be disabled and the unicast server list used over UDP on port 53 or 8888. This path does not use the HTTPS transport of the anycast connection, so treat it as a workaround that restores filtering while the reason outbound TCP 443 to FortiGuard is failing (an upstream firewall, proxy or ISP filter is the usual cause) is investigated, and make sure outbound UDP on the chosen port is permitted:

 

config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 8888
    set sdns-server-ip 208.91.112.220
end

 


 

After this change the rating output should look like the one below, with the full unicast server list loaded instead of the single anycast entry. Confirm the fix in the forward traffic log as well: the UTM denials with 'All FortiGuard servers failed to respond' should stop.

 

diagnose debug rating
Locale       : english

Service      : Web-filter
Status       : Enable
License      : Contract

Service      : Antispam
Status       : Disable

Service      : Virus Outbreak Prevention
Status       : Disable

Num. of servers : 30
Protocol        : udp
Port            : 8888
Anycast         : Disable
Default servers : Included

-=- Server List (Wed Aug 16 23:02:28 2023) -=-

IP                Weight    RTT Flags   TZ   FortiGuard-requests  Curr Lost Total Lost   Updated Time
208.184.237.61        35    321 D FT    -8                   230        224        224   Wed Aug 16 22:39:53 2023
208.184.237.62        40    284   FT    -8                    92         84         84   Wed Aug 16 22:39:53 2023
208.184.237.64        40    286   FT    -8                    86         84         84