FortiGate
bvagadia
Staff
Article Id 207420

Description

 

This article describes how to remedy the tunnel-down indication with FortiGate Cloud.

 

Scope

 

FortiGate Cloud.

 

Solution

 

Management Tunnel Down means the unit is not connected to the FortiCloud manager server.

 

The following configuration is required on the FortiGate side for the tunnel to work:

 

config system central-management
    set type fortiguard
end

 

Also verify that the FortiGate is logged in to the correct FortiCloud account.

 

If all the information has been verified and the configuration above is correct, try changing the update server location from automatic to either usa or eu under the FortiGuard settings:

 

config system fortiguard
    set update-server-location [automatic | usa | eu]
end

 

automatic   FortiGuard servers chosen based on closest proximity to FortiGate unit.
usa         FortiGuard servers in United States.
eu          FortiGuard servers in the European Union.

 

If SD-WAN is used for the WAN connection, try setting the interface select method to SD-WAN:

 

config system fortiguard
    set interface-select-method sdwan
end


If the management tunnel is still down, try changing the encryption to 'default' under the central-management settings. By default, the enc-algorithm is set to high.

 

config system central-management
    set enc-algorithm default
end

 

After making the change, restart the forticldd process, which is the FortiCloud process: 

 

fnsysctl killall forticldd

 

If the issue persists, create a Technical Support ticket of type FortiGate/FortiGate Cloud with Fortinet Support.
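
The settings checked in the steps above can also be reviewed offline from a saved configuration. The following Python script is an added example, not part of the original article or a Fortinet tool: it assumes the input is text in the style of `show full-configuration` output, and the sample configuration and the function names `parse_sections` and `remaining_steps` are constructed for illustration.

```python
# Constructed sample in the style of `show full-configuration` output.
SAMPLE = """\
config system central-management
    set type fortimanager
    set enc-algorithm high
    config server-list
        edit 1
            set server-type update
        next
    end
end
config system fortiguard
    set update-server-location automatic
    set interface-select-method auto
end
"""

def parse_sections(text):
    """Return {top-level config path: {key: value}}, skipping nested config/edit blocks."""
    sections, depth, current = {}, 0, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = sections.setdefault(line[len("config "):], {})
        elif line.startswith("edit "):
            depth += 1
        elif line in ("end", "next"):
            depth = max(depth - 1, 0)
        elif depth == 1 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return sections

def remaining_steps(text):
    """List, in the article's order, the settings that still differ from its suggestions."""
    sections = parse_sections(text)
    cm = sections.get("system central-management", {})
    fg = sections.get("system fortiguard", {})
    steps = []
    if cm.get("type") != "fortiguard":
        steps.append("central-management: set type fortiguard (required)")
    if fg.get("update-server-location") == "automatic":
        steps.append("fortiguard: try update-server-location usa or eu")
    if fg.get("interface-select-method") != "sdwan":
        steps.append("fortiguard: if the WAN uses SD-WAN, set interface-select-method sdwan")
    if cm.get("enc-algorithm") == "high":
        steps.append("central-management: try enc-algorithm default, then restart forticldd")
    return steps

if __name__ == "__main__":
    for step in remaining_steps(SAMPLE):
        print("-", step)
```

An empty list means every setting already matches what the article suggests, so the next step is the support ticket.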