Description
This article describes how to remedy the tunnel-down indication with FortiGate Cloud.
Scope
FortiGate Cloud.
Solution
Management Tunnel Down means the unit is not connected to the FortiCloud manager server.
The following configuration is required on the FortiGate side for the tunnel to work:
config system central-management
    set type fortiguard
end
Also verify that the FortiGate is logged in to the correct FortiCloud account.
If the account has been verified and the configuration above is correct, the next step is to change the update server location from automatic to either usa or eu under the FortiGuard setting:
config system fortiguard
    set update-server-location [automatic | usa | eu]
end
    automatic: FortiGuard servers chosen based on closest proximity to the FortiGate unit.
    usa: FortiGuard servers in the United States.
    eu: FortiGuard servers in the European Union.
If SD-WAN is used for the WAN connection, try setting the interface select method to sdwan:
config system fortiguard
    set interface-select-method sdwan
end
If the management tunnel is still down, try changing the encryption to 'default' under the central-management settings. By default, enc-algorithm is set to high.
config system central-management
    set enc-algorithm default
end
After making the change, restart the forticldd process, which is the FortiCloud process:
fnsysctl killall forticldd
Note:
If the firewall shows an 'Unable to connect to FortiGuard Servers' error, resolve that first.
If the issue persists, create a Technical Support ticket of type FortiGate/FortiGate Cloud with Fortinet Support.
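The settings above can be reviewed offline against a saved configuration backup before changing anything on the device. The following Python script is an added example, not Fortinet code: the sample configuration is constructed, and both the SD-WAN detection (`set status enable` under `config system sdwan`) and the treatment of absent keys as `automatic` / `high` are assumptions.

```python
SAMPLE = """\
config system central-management
    set type fortimanager
    config server-list
        edit 1
            set server-type update
        next
    end
end
config system fortiguard
    set update-server-location usa
end
config system sdwan
    set status enable
end
"""  # constructed backup excerpt, not taken from a real device

def parse_blocks(text):
    """Map each config path to the {key: value} pairs of its 'set' lines."""
    blocks, stack = {}, []
    for line in text.splitlines():
        parts = line.split(None, 2) or [""]
        if parts[0] in ("config", "edit"):
            stack.append(" ".join(parts[1:]))   # enter a block or table entry
        elif parts[0] in ("end", "next") and stack:
            stack.pop()                          # leave it again
        elif parts[0] == "set" and len(parts) == 3 and stack:
            blocks.setdefault(" > ".join(stack), {})[parts[1]] = parts[2].strip('"')
    return blocks

def tunnel_checks(text):
    """Return {setting: advice} for each step of the article that still applies."""
    cfg = parse_blocks(text)
    cm = cfg.get("system central-management", {})
    fg = cfg.get("system fortiguard", {})
    out = {}
    if cm.get("type") != "fortiguard":
        out["type"] = "set type fortiguard (required for the tunnel)"
    if fg.get("update-server-location", "automatic") == "automatic":  # assumed default
        out["update-server-location"] = "try usa or eu"
    sdwan_on = cfg.get("system sdwan", {}).get("status") == "enable"  # assumption
    if sdwan_on and fg.get("interface-select-method") != "sdwan":
        out["interface-select-method"] = "SD-WAN in use: set sdwan"
    if cm.get("enc-algorithm", "high") == "high":   # article: default is high
        out["enc-algorithm"] = "if still down: set default, restart forticldd"
    return out

if __name__ == "__main__":
    for setting, advice in tunnel_checks(SAMPLE).items():
        print(f"{setting}: {advice}")
```

Settings nested in sub-tables are keyed by their full path, so a `set` line inside `server-list` is never mistaken for one in the parent block.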