Step 1: Before involving the TAC Support.

Note: Preliminary investigation will require an evaluation and consideration of the following:

I: Access the free comprehensive information resources available to apply the recommended configurations and troubleshooting tips. 

1. Fortinet Community Knowledge Base (central hub for articles and technical tips on all Fortinet products).
2. Fortinet Official Documentation (Admin Guides, Reference Manuals, Release Information, and Deployment Guides).
3. Fortinet Video Library (Video Deployment Guides).
4. FortiGuard Center (The FortiGuard Security Portal provides summaries of the latest internet threats, security advisories across popular vendor technologies, and access to the latest publications).

II: Determine the eligibility for the support request. Below are services that are uniquely tailored and independently obtained, outside the boundaries of the support ticket.

1. FortiCare Professional Services, purchased separately to assist in designing, planning, optimizing, evolving, operating, and deploying standardized infrastructure (contact the sales team to learn more).
2. Advanced Services, purchased separately to perform RCA analysis, upgrade assistance, and software recommendations (contact the sales team and upgrade).
3. New! Managed FortiGate Service purchased individually to help streamline and optimize network infrastructure by using Fortinet security best practices and ITIL methodologies. Deploy FortiGate devices, adhere to security standards, and improve efficiency. Evaluate, implement, and verify configuration changes. To respond immediately to security incidents, identify configuration weaknesses, and implement proactive security measures (contact the sales team to learn more).
4. FortiConverter Service, a one-time license, is required and purchased separately to perform configuration conversion and migration between FortiGate models or other vendors (contact the sales team to learn more).
5. New! FortiGuard Incident Response Service (Forensic Analysis) assists organizations in assessing and improving current security postures while effectively responding to digital threats through advanced digital forensics and incident response capabilities. These services provide organizations with expert insights into their existing security landscape, identifying vulnerabilities and weaknesses that cyber threats may exploit. This service is not limited to Fortinet family products (contact the sales team to learn more). 

III. Important prerequisites:

1. A support contract is necessary for the FortiGate device with the provided serial number (SN) and any related Fortinet Fabric products, such as FortiAP, FortiClient-EMS, FortiManager, FortiCloud, and FortiSwitch.
2. Verify the support contract for the Fortinet product from the Fortinet Support Portal -> Product List (select product SN) -> Entitlement.
3. If there is a fabric-related issue, a separate ticket should be opened to involve subject matter experts for an in-depth analysis of the affected product or solution.
4. A valid support contract is required for the fabric linked to the device or product identified by its serial number (SN).
5. If only a FortiGate support contract is available, a limited and best-effort investigation will be performed.
6. Missing features are considered NFR (New Feature Request) is not subject to a support ticket. Requesting a feature can be performed only through the local sales representative (contact the sales team).
7. Operating a FortiGate device with a FortiOS version that aligns with the product life cycle is essential for the progress of the investigation. 
8. When third-party products and services are connected, like ISPs, upstream and downstream routers, firewalls, virtual machines, PBX/VoIP systems, cloud infrastructure, servers, workstations, and endpoints, the investigation will be handled from the perspective of FortiGate.
9. It is essential for the client representative (Network Administrator) to present supporting documentation, including debug information, captures, analyses, reference guides, or Fortinet resources, when describing the issue.
10. Work with the TAC engineer to perform the necessary tests and ensure all relevant parties are included in a thorough investigation, as excluding key participants can limit progress and potentially delay resolving the issue.
11. Each ticket can address only one technical issue. Duplicate tickets reporting the same problem will be merged into the main ticket and managed by the same TAC engineer.
12. Configuration conversion and migration between FortiGate models and other vendors require a one-time license, which is not handled through the ticket process (refer to point IId).
13. Before performing any updates or upgrades, make sure to thoroughly review the FortiOS Release Notes for the version being considered. Assess the features currently in use, any changes in functionality, and the list of resolved and known issues.
14. Lack of admin access due to a lost FortiToken cannot be recovered through support. Fortinet does not have any super admin credentials and cannot bypass 2FA or password protection; therefore, it’s the client's responsibility to follow the recommended steps before enabling MFA on a primary admin account. Refer to this article for the steps to follow for FortiToken 2FA recovery: steps to restore device access

Step 2: Get in touch with the TAC Support. 

It is recommended to involve a TAC by using the web ticket at the Fortinet Support Portal -> Guidelines and Policies -> Ticket Creation Guide.

II. Describe the technical issue, ensuring all necessary points required on the ticket are included.

1. Problem description explaining how FortiGate is suspected to be impacting the issue.
2. Historical information on the issue to understand if any recent changes or events could have impacted it.
3. Network Diagram (image, PDF, Visio, etc.) of the impacted network segment where FortiGate is connected.
4. Files and information required to start the investigation. * Mandatory files
   1. A copy of the running configuration of the FortiGate (Technical Tip: How to download FortiGate confi....
   2. A copy of the unit 'Debug Log' (Technical Tip: How to download debug.log file at different FortiOS v....
   3. Output of the HQIP test of the suspected unit SN (Technical Tip: RMA: HQIP test (with built-in Forti... (RMA Investigations). 
   4. Output of the HAR file for suspected web based errors (Troubleshooting Tip: How to collect HAR files... (FortiCloud/ Web-Based Investigations). 

III. Prioritizing a support request.

1. Tickets will be handled according to the purchased support level and SLAs as explained under Fortinet Support  Portal -> Guidelines and Policies -> Guidelines and Policies -> FortiCompanion to Technical Support.
2. Tickets can be registered as P3 or P4, and priority can be increased to P1 or P2 by providing a complete description of the technical issue, ensuring all necessary points required on the ticket are included as instructed (refer to point II). and proof of relevant business impact as defined in the Ticket Priority Definitions in FortiCompanion to Technical Support.

Note: Priority changes can be requested by phone to the toll-free numbers in the Fortinet Contact Support Information.

IV. Defective unit and replacement are requested (RMA). 

1. The suspected defective unit is under P-RMA Subscription: Proof or acknowledgment of the P-RMA Section under the 'FortiCompanion to RMA Services contract. 
2. The suspected defective unit is under Standard RMA Subscription: Proof of the faulty device is required for approval of the information required for the replacement

a. *Copy of the running configuration of the FortiGate.

b. *Copy of the unit "Debug Log"

c. *Output of the HQIP test of the suspected unit SN.

e. Any other debugs, screenshots, and video recordings as per the engineer's request.

For more information, refer to the support contract in place as explained under Fortinet Support Portal -> Guidelines and Policies -> FortiCompanion to RMA Services.

Important Note:

The RMA process is not a substitute for a continuity plan. It involves relying on third-party logistics, which can slow down delivery and disrupt continuity timelines.

Fortinet strongly recommends HA (High-Availability) deployment as the ultimate strategy for business continuity in cases of major disasters.

New! FortiOS in low-end units now is capable of working with a Single FortiGuard license for FortiGate A-P HA cluster. 

V. Additional technical support:

1. If the unit requesting troubleshooting is operating in a timezone different from where it was purchased or registered, inform the TAC engineer that support is required for that specific timezone, as Fortinet Support is available 24/7.
2. Only a TAC engineer can suggest a remote session after fully understanding the issue and performing additional tests to aid the investigation via the GoToMeeting link. Remote Assistance is a valuable tool to gain better visibility and accelerate the investigation, but it’s not a substitute for the commitment or responsibilities of the Network Administrator emphasized above. 
3. TAC engineers won't suggest or make changes that could affect business operations. Any changes made are thoroughly explained beforehand and have a minimal impact on production. Significant changes, like routing changes, SD-WAN migrations, upgrades, HA failovers, etc., should be reviewed and planned for a maintenance window.
4. If unexpected behavior is suspected, the engineer will reproduce the issue, if applicable, only when there is enough evidence to justify an R&D investigation. These investigations are strictly overseen by TAC.

Important Note:

• When reporting an issue, it’s crucial to provide clear and solid evidence. Without this, the analysis might end up incomplete, and the ticket could be closed. The TAC team is always ready to revisit the investigation once the necessary details are shared.
• Teamwork is crucial for effective investigation and resolution. Without active involvement from the client's network admin, the analysis could fall short, possibly leading to the ticket being closed.