|
On the FortiGate GUI, go under System -> FortiGuard, check the license information, which is displayed as expired.
Verify the license information of FortiGate on support.fortinet.com, which displays as active.
As per the article mentioned below, run the debugs on FortiGate CLI. Some debug commands for FortiGuard:
diagnose debug reset
diagnose debug application update -1
diagnose debug console timestamp enable
diagnose debug enable
Force FortiGuard update after running debug:
execute update-now
Example:
2025-04-28 11:58:35 upd_pkg_create_update_req[711]-Update comp 0x410
2025-04-28 11:58:35 pack_obj[202]-Packing obj=Protocol=3.2|Command=Update|
Firmware=FGT60F-FW-6.04-2095|SerialNumber=xxxx UpdateMethod=0|AcceptDelta=0|Contr
actItem=xxxx |DataItem=01000000FSCI00100-00000.00000-0000000000
2025-04-28 11:58:35 get_fcpr_response[308]-Unpacked obj: Protocol=3.2|Response=204|
Firmware=FPT033-FW-6.9-0236|SerialNumber=FPT-FGT-DELL0406|Server=FDSG|Persistent=fal
se|PEER_IP=212.203.79.78|ResponseItem=01000000FSCI00100:200*03001000FSSI00000:200
2025-04-28 11:58:35 get_fcpr_response[348]-Wan ip=[212.203.79.78]
2025-04-28 11:58:35 installUpdatePackage[1197]-Online Update freezed, expiry=680f5195,
current=680f514b
2025-04-28 11:58:35 upd_install_pkg[1357]-Failed pkg install (-14)
2025-04-28 11:58:35 __upd_act_update[348]-Failed installing pkg
2025-04-28 11:58:35 upd_comm_disconnect_fds[499]-Disconnecting FDS 173.243.140.6:443
2025-04-28 11:58:35 [204] __ssl_data_ctx_free: Done
2025-04-28 11:58:35 [1093] ssl_free: Done
2025-04-28 11:58:35 [196] __ssl_cert_ctx_free: Done
2025-04-28 11:58:35 [1103] ssl_ctx_free: Done
2025-04-28 11:58:35 [1084] ssl_disconnect: Shutdown
2025-04-28 11:58:35 upd_act_HA_contract_info[810]-Error updating FSCI -1
2025-04-28 11:58:35 do_update[518]-UPDATE failed
Here is an example how a successful connection should like and attempted successful update:
2025-10-29 10:30:32 do_setup[333]-Starting SETUP
2025-10-29 10:30:32 upd_fds_load_default_server[920]-Addr=[173.243.142.6], weight=809854739
2025-10-29 10:30:32 upd_fds_load_default_server[939]-Resolve and add fds
euupdate.fortinet.net ip address OK.
2025-10-29 10:30:32 upd_fds_load_default_server6[1046]-Resolve and add fds
euupdate.fortinet.net ipv6 address failed.
2025-10-29 10:30:32 upd_comm_connect_fds[457]-Trying FDS 173.243.142.6:443
2025-10-29 10:30:32 [271] __ssl_init: Done
2025-10-29 10:30:32 pack_obj[186]-Packing obj=Protocol=3.0|Command=VMSetup|Firmware=FGVMK6-FW-7.04-2731|SerialNumber=FGVM02TM25013657|Connection=Internet|Address=10.5.
138.10:0|Language=en-US|TimeZone=1|UpdateMethod=1|Uid=25232138ee1c4f88ab69f077d8fa0008|VMPlatform=KVM
2025-10-29 10:30:32 get_fcpr_response[298]-Unpacked obj: Protocol=3.0|
Response=200|Firmware=FPT033-FW-6.9-0284|SerialNumber=FPT-FGT-DELL0405|Server=FDSG|Persistent=fal
se|PEER_IP=78.153.225.200
2025-10-29 10:30:32 upd_vm_cfg_set_status[271]-Saved status code 200
2025-10-29 10:30:32 upd_comm_disconnect_fds[498]-Disconnecting FDS 173.243.142.6:443
2025-10-29 10:30:32 do_setup[343]-SETUP successful
2025-10-29 10:30:33 upd_fds_load_default_server6[1046]-Resolve and add fds
euupdate.fortinet.net ipv6 address failed.
2025-10-29 10:30:33 upd_comm_connect_fds[457]-Trying FDS 173.243.142.6:443
2025-10-29 10:30:33 [116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.
2025-10-29 10:30:33 [399] __bio_mem_dump: OCSP status good
2025-10-29 10:30:33 upd_pkg_create_update_req[706]-Update comp 0x1000070
2025-10-29 10:30:33 pack_obj[186]-Packing obj=Protocol=3.2|Command=Update|Firmware=FGVMK6-FW-7.04-2731|SerialNumber=FGVM02TM25013657|UpdateMethod=0|AcceptDelta=0|Uid=2
5232138ee1c4f88ab69f077d8fa0008|DataItem=00000000FCNI00000-00000.00000-0000000000*00000000
FDNI00000-00000.00000-0000000000*01000000FSCI00100-00000.00000-0000000000*010
00000ALCI00000-00000.00000-0000000000
-2025-10-29 10:30:33 get_fcpr_response[298]-Unpacked obj: Protocol=3.2|Response=300|
Firmware=FPT033-FW-6.9-0284|SerialNumber=FPT-FGT-DELL0405|Server=FDSG|Persistent=fa
lse|PEER_IP=78.153.225.200|ResponseItem=00000000FCNI00000:200*00000000FDNI00000:200*01000000
FSCI00100:200*01000000ALCI00000:200
2025-10-29 10:30:33 doInstallUpdatePackage[1038]-Full obj found for FCNI000
2025-10-29 10:30:33 doInstallUpdatePackage[1048]-Updating obj FCNI
2025-10-29 10:31:37 __upd_act_update[319]-Package installed successfully
2025-10-29 10:31:37 upd_comm_disconnect_fds[498]-Disconnecting FDS 173.243.142.6:443
2025-10-29 10:31:37 [207] __ssl_data_ctx_free: Done
2025-10-29 10:31:37 [1108] ssl_free: Done
2025-10-29 10:31:37 [199] __ssl_cert_ctx_free: Done
2025-10-29 10:31:37 [1118] ssl_ctx_free: Done
2025-10-29 10:31:37 [1099] ssl_disconnect: Shutdown
2025-10-29 10:31:37 do_update[711]-UPDATE successful
2025-10-29 10:31:37 upd_cfg_extract_sfas_version[789]-version=07004000SFAS00000-00005.00054-2509291031
2025-10-29 10:31:37 do_update[719]-IPS components updated (a9e44af0), generating SNMP trap.
In case the update is unsuccessful and Anycast is enabled on FortiGate, verify the status. To check if Anycast servers are up or experiencing an outage, see this document: FGT Anycast Query.
If the issue persists, try rebooting the FortiGate as a last resort.
Related articles:
Technical Tip: FortiGuard is not reachable via Anycast default method
Troubleshooting Tip: Unable to connect to FortiGuard servers
|
