FortiGate
alwis
Staff
Description

This article describes how to troubleshoot the FortiGate Cloud 'Failed to load data' issue.

Scope

FortiOS

Solution

A 'Failed to load data' error is seen when trying to activate the FortiGate Cloud account through the firewall GUI Dashboard.

 


 


Run the FortiCloud debug:

 

# diagnose debug application forticldd -1
# diagnose debug enable

 

To stop debugging:

 

# diagnose debug disable

 

The following debug output shows that the TLS protocol version causes the SSL connection to the FortiGuard server to fail:

 

[1001] ssl_connect: SSL_connect failes: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
[494] fds_https_connect: https_connect(173.243.132.25:443) failed: ssl_connect() failed: 0 (error:00000000:lib(0):func(0):reason(0)).
[652] fds_https_stop_server: 173.243.132.25:443

 

Verify the TLS setting:

 

# config system global
    set ssl-min-proto-version TLSv1-3 <-- change to TLSv1-2
end

 

Connection to FortiGuard is established after modifying the TLS version.

 

[500] fds_https_connect: https_connect(173.243.140.6:443) is established.
[300] fds_svr_default_on_established: fds-update has connected to ip=173.243.140.6:443
[307] fds_svr_default_on_established: server-fds-update handles cmd-1
[128] fds_pack_objects: number of objects: 1

 

Reference: TLS configuration

By default, the minimum version allowed is TLSv1.2. The FortiGate will try to negotiate a connection using the configured version or higher. If the server that FortiGate is connecting to does not support the version, then the connection will not be made. Some FortiCloud and FortiGuard services do not support TLSv1.3.
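
When the debug output is captured to a file, the failing and successful connection attempts can be separated offline. The following is an added example, not part of the original article or Fortinet tooling; the function names `triage` and `tls_version_rejections` are hypothetical, and it assumes the log lines keep the format shown in the debug excerpts above.

```python
import re

# Debug lines taken from the article's forticldd excerpts (failed run, then working run).
SAMPLE = """\
[1001] ssl_connect: SSL_connect failes: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
[494] fds_https_connect: https_connect(173.243.132.25:443) failed: ssl_connect() failed: 0 (error:00000000:lib(0):func(0):reason(0)).
[652] fds_https_stop_server: 173.243.132.25:443
[500] fds_https_connect: https_connect(173.243.140.6:443) is established.
[300] fds_svr_default_on_established: fds-update has connected to ip=173.243.140.6:443
"""

# "[id] function: message" framing used by every line in the excerpts.
LINE = re.compile(r"^\[(\d+)\]\s+(\w+):\s+(.*)$")
# OpenSSL-style error string; the last field is the human-readable reason.
ALERT = re.compile(r"error:[0-9A-Fa-f]{8}:SSL routines:\w+:(.+)$")
CONNECT = re.compile(r"https_connect\(([\d.]+:\d+)\)\s+(failed|is established)")

def triage(text):
    """Return (endpoint, status, reason) for each HTTPS connection attempt."""
    results, pending_alert = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not forticldd debug records
        func, msg = m.group(2), m.group(3)
        if func == "ssl_connect":
            # The SSL reason is logged just before the connect failure; hold it.
            a = ALERT.search(msg)
            pending_alert = a.group(1).strip() if a else "unknown ssl error"
        elif func == "fds_https_connect":
            c = CONNECT.search(msg)
            if not c:
                continue
            if c.group(2) == "failed":
                reason = pending_alert or "no ssl alert logged"
                results.append((c.group(1), "failed", reason))
            else:
                results.append((c.group(1), "established", None))
            pending_alert = None  # an alert belongs to one attempt only
    return results

def tls_version_rejections(text):
    """Endpoints whose handshake ended with a protocol-version alert."""
    return [ep for ep, status, reason in triage(text)
            if status == "failed" and "alert protocol version" in reason]

if __name__ == "__main__":
    for endpoint, status, reason in triage(SAMPLE):
        print(endpoint, status, reason or "")
```

Endpoints returned by `tls_version_rejections` are the ones to compare against the configured `ssl-min-proto-version`; failures with a different reason point to a cause other than the TLS version.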
