Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
oarslan
Staff
Staff

Created on ‎03-11-2022 09:38 AM Edited on ‎02-24-2025 07:01 AM By Moderator

Article Id 206725

Technical Tip: FortiGuard Flags and Meanings

Description This article describes the meanings of FortiGuard flags.
Scope FortiGate and FortiGuard.
Solution

FortiGate and FortiGuard connectivity can be checked with the command 'diag debug rating'.

 

For each IP address, the output of the commands shows the following:

  • RTT (round trip delay).
  • Flags.
  • TZ (Server time zone).
  • Curr Lost (The number of recent and consecutive queries without reply).
  • Total lost (The historical total number of queries without reply; these values reset when the. device restart).

 

Capture.JPG

 

The output of this command shows flags beside some servers and below is the explanation for each flag value.

 

  • I=Initial: The server was initially contacted to validate the license and get the server list. Usually, there is only one server with this flag.
  • D=Default: The IP address FortiGate got when resolving the name 'service.fortiguard.net'.
  • S=Serving: IP address of servers received from FortiManager.
  • T=Timing: The server is not replying to FortiGate queries. The server remains in this state for 15 seconds (default) before being considered as failed.
  • F=Failed: The server is down.
9566
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.