Description |
This article describes the case when FortiGate GUI is stuck with the error License is being validated by FortiGuard. In a normal operation, after uploading the license or launching a VM for the first time, a prompt on the GUI about the license being validated by the FortiGuard server:
A successful license validation allows to log in to the FortiGate’s GUI:
However, it is possible to encounter the issue where the first screen loads for a long time, in which it will show a button to select on the CLI console to check the network connection. |
Scope | FortiGate. |
Solution |
Make sure the following requirements are met for the connection to the FortiGuard:
service.fortiguard.net and update.fortiguard.net
If both requirements above are met, run the below commands to troubleshoot FortiGate - FortiGuard communication:
dia de app update -1
Leave it running for a couple of minutes. To disable it, type this command:
dia de disable
Check the debug output for different scenarios:
2022-01-11 14:06:17 [360] __ssl_crl_verify_cb: Cert error 9, certificate is not yet valid. Depth 0
Error: 9 (certificate is not yet valid)
Then it will be necessary to check the FortiGate system time. Refer to the below KB article to adjust the date/time settings on the FortiGate:
After adjusting the settings the validation will go through
upd_comm_connect_fds[455]-Trying FDS [2620:101:9000:140:173:243:140:6]:443 tcp_connect_fds[265]-Failed connecting after sock writable upd_comm_connect_fds[469]-Failed TCP connect upd_act_HA_contract_info[714]-Error updating FSCI -1
Try to explicitly specify the interface to connect to the FortiGuard server by executing the following commands:
config system fortiguard set interface-select-method specify (the default option is auto) set interface <WAN-interface> end
Check the update debug again to see if the FortiGuard servers are reachable now. If not, open a case with TAC for further assistance: https://support.fortinet.com/welcome/#/
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortinet.net ipv6 address failed. upd_fds_create_list[1295]-No server found for update[00000001] do_setup[348]-Failed setup
Try to check DNS connectivity with FortiGate. Refer to the below KB article to bring snd connectivity back on the FortiGate: |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.