Technical Tip: FortiGuard European (EU) servers work only with the Anycast domain name

esalija · ‎06-10-2024

Description

This article describes that the European (EU) FortiGuard servers work only with the Anycast domain name.

Scope

FortiGate v7.0+.

Solution

FortiGuard servers located only in the USA or the European Union through the following commands:

config system fortiguard

set update-server-location [automatic | usa | eu]

end

If Anycast is disabled with the Location EU:

config system fortiguard
set fortiguard-anycast disable
set update-server-location eu
end

It is not possible to take the updates from the FortiGuard servers:

Debug commands for FortiGuard:

diagnose debug disable

diagnose debug reset

diagnose debug application update -1

diagnose debug console timestamp enable

diagnose debug enable

Force FortiGuard update after running debug application update -1:

execute update-now

If no output is generated after initiating the 'execute update-now', restart the update process by initiating the command 'fnsysctl killall updated'.

Result:

FGT-1 # 2024-06-07 07:40:05 upd_vm_process[809]-last warning 11 seconds ago
2024-06-07 07:40:05 do_setup[329]-Starting SETUP
2024-06-07 07:40:05 upd_fds_load_default_server[939]-Resolve and add fds euupdate.fortiguard.net ip address failed.
2024-06-07 07:40:05 upd_fds_load_default_server6[1046]-Resolve and add fds euupdate.fortiguard.net ipv6 address failed.
2024-06-07 07:40:05 upd_fds_create_list[1295]-No server found for update[00000001]
2024-06-07 07:40:05 do_setup[333]-Failed setup
2024-06-07 07:40:05 upd_daemon[1974]-Disabling remaining actions 11
execute 2024-06-07 07:40:06 upd_vm_process[809]-last warning 12 seconds ago
2024-06-07 07:40:11 upd_vm_process[809]-last warning 17 seconds ago
2024-06-07 07:40:16 upd_vm_process[809]-last warning 22 seconds ago
2024-06-07 07:40:16 do_setup[329]-Starting SETUP
2024-06-07 07:40:16 upd_fds_load_default_server[939]-Resolve and add fds euupdate.fortiguard.net ip address failed.
2024-06-07 07:40:16 upd_fds_load_default_server6[1046]-Resolve and add fds euupdate.fortiguard.net ipv6 address failed.
2024-06-07 07:40:16 upd_fds_create_list[1295]-No server found for update[00000001]
2024-06-07 07:40:16 do_setup[333]-Failed setup <--
2024-06-07 07:40:16 upd_daemon[1974]-Disabling remaining actions 11
2024-06-07 07:40:17 upd_vm_process[809]-last warning 23 seconds ago

If AnyCast is enabled and the Location is EU:

config system fortiguard
set update-server-location eu
end

It is possible to take the updates from the FortiGuard servers:

2024-06-07 07:41:59 upd_status_save_status[135]-try to save on status file
2024-06-07 07:41:59 upd_status_save_status[201]-Wrote status file
2024-06-07 07:41:59 __upd_act_update[319]-Package installed successfully
2024-06-07 07:41:59 upd_comm_disconnect_fds[500]-Disconnecting FDS 173.243.142.6:443
2024-06-07 07:41:59 [207] __ssl_data_ctx_free: Done
2024-06-07 07:41:59 [1108] ssl_free: Done
2024-06-07 07:41:59 [199] __ssl_cert_ctx_free: Done
2024-06-07 07:41:59 [1118] ssl_ctx_free: Done
2024-06-07 07:41:59 [1099] ssl_disconnect: Shutdown
2024-06-07 07:41:59 do_update[696]-UPDATE successful <--
2024-06-07 07:43:29 upd_act_report_fmg_list[820]-Starting report FMG LIST.

Refer to the following document for the Anycast and Non-Anycast domains: Update server location.

Related documents:

Troubleshooting Tip: Unable to connect to FortiGuard servers.

Anycast

Technical Tip: FortiGuard European (EU) servers work only with the Anycast domain name

You are leaving our website