FortiGate
Nur
Staff
Article Id 373615
Description This article describes how to handle an issue where FortiGate fails to reach FortiGuard and the FortiManager while there is no Local-FortiGuard configured.
Scope FortiGate, FortiManager, FortiGuard.
Solution

When no Local-FortiGuard has been configured on the FortiGate, the debug log output reports the failure to update.

 

Ertiga-kvm30 # upd_fds_load_default_server[939]-Resolve and add fds usupdate.fortinet.net ip address failed.
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortinet.net ipv6 address failed.
upd_fds_create_list[1295]-No server found for update[00000001]
upd_vm_cfg_set_status[279]-Saved status code 502
do_setup[351]-Failed setup
upd_daemon[2203]-Disabling remaining actions 1
upd_vm_process[728]-Status changed from 1 to 2 [valid 1]
upd_daemon[1764]-Doing vm setup request because it's been too long
do_setup[347]-Starting SETUP

 

However, in some situations the debug output shows that the FortiGate fails to get an update from FortiGuard and instead tries to connect to the Local-FortiGuard to get the update.

 

upd_comm_connect_fds[457]-Trying FMG 49.231.XX.XX:8890 <- Trying to connect to FortiManager using port 8890.
tcp_connect_fds[269]-Failed connecting after sock writable
upd_comm_connect_fds[472]-Failed TCP connect

 

In this situation, check the 'include-default-servers' setting under 'config system central-management'.

If it is disabled, the FortiGate will try to reach the Local-FortiGuard (even if there is no Local-FortiGuard configured).

If it is enabled, the FortiGate will reach the FortiGuard Server.

 

Ertiga-kvm30 # config system central-management

Ertiga-kvm30 (central-management) # get
mode : normal
type : fortimanager
schedule-config-restore: enable
schedule-script-restore: enable
allow-push-configuration: enable
allow-push-firmware : enable
allow-remote-firmware-upgrade: enable
allow-monitor : enable
serial-number : "FMG-VMTM2400XXXX"
fmg : "10.47.X.XX"
fmg-source-ip : 0.0.0.0
fmg-source-ip6 : ::
local-cert :
ca-cert :
vdom : root
server-list:
fmg-update-port : 8890
include-default-servers: disable / enable
enc-algorithm : high
interface-select-method: auto

 

When there is no Local-FortiGuard configured and the FortiGate fails to reach FortiGuard, ensure that 'include-default-servers' is enabled. It will then produce an error instead of connecting to the FortiManager as Local-FortiGuard.
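The check described above can be scripted when triaging saved CLI captures. The following is an added example, not Fortinet code: it reads update debug output and the 'get' output of 'config system central-management' and reports which of the two failure patterns from this article applies. The symptom tags and result names are hypothetical, and treating an empty 'server-list' as "no Local-FortiGuard configured" is an assumption.

```python
import re

# Constructed samples modelled on the outputs shown in this article.
SAMPLE_DEBUG = """\
upd_comm_connect_fds[457]-Trying FMG 49.231.XX.XX:8890
tcp_connect_fds[269]-Failed connecting after sock writable
upd_comm_connect_fds[472]-Failed TCP connect
"""
SAMPLE_GET = """\
fmg : "10.47.X.XX"
server-list:
include-default-servers: disable
"""

# func[line]-message, optionally preceded by a CLI prompt such as "Ertiga-kvm30 # "
DEBUG_RE = re.compile(r"(\w+)\[\d+\]-(.*)$")
SYMPTOMS = {
    "Trying FMG": "tries_fmg",
    "Failed TCP connect": "tcp_failed",
    "Resolve and add fds": "fds_resolve_failed",
    "No server found for update": "no_server",
}

def classify_debug(text):
    """Return the set of symptom tags found in update debug output."""
    seen = set()
    for line in text.splitlines():
        m = DEBUG_RE.search(line)
        msg = m.group(2) if m else ""
        seen.update(tag for prefix, tag in SYMPTOMS.items() if msg.startswith(prefix))
    return seen

def parse_get(text):
    """Parse 'key : value' lines of 'get' output into a dict (prompts are skipped)."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def diagnose(debug_text, get_text):
    seen, cfg = classify_debug(debug_text), parse_get(get_text)
    no_local_fgd = not cfg.get("server-list")  # assumption: empty list = none configured
    if "tries_fmg" in seen and cfg.get("include-default-servers") == "disable" and no_local_fgd:
        return "ENABLE_INCLUDE_DEFAULT_SERVERS"
    return "FORTIGUARD_RESOLVE_FAILED" if "fds_resolve_failed" in seen else "NO_KNOWN_PATTERN"
```

Calling `diagnose(SAMPLE_DEBUG, SAMPLE_GET)` on the constructed samples returns `ENABLE_INCLUDE_DEFAULT_SERVERS`, which corresponds to the fix described in this article.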

 

Related document:

No server found for update when trying to connect to FortiGuard Server