bkarl
Staff
Article Id 271029
Description This article describes how to resolve the FortiGate Cloud internal error on the latest versions.
Scope FortiGate v7.0.12 or above.
Solution

If the following error appears in the GUI:


[Screenshot: internal.png]

 

Or the same message is observed in the CLI:

 

[Screenshots: KB 20 - 1.jpg, KB 20 - 2.jpg]

 

  • Check the connectivity from FortiGate to the following servers:

 

execute ping logctrl1.fortinet.com

execute ping globallogctrl.fortinet.net

execute ping service.fortiguard.net

 

If they are not reachable, then check DNS reachability on FortiGate and troubleshoot it accordingly. 

Reference article: Technical Tip: DNS stops working when using custom DNS.

 

  • Troubleshooting:

 

config system fortiguard

    set auto-join-forticloud enable

end

 

config system fortiguard
    unset service-account-id
end

 

config system central-management

    set type fortiguard 

end 

 

diagnose fdsm contract-controller-update
fnsysctl killall fgfmd

 

  • Try logging in to FortiCloud using the command below:

execute fortiguard-log login <email> <password> <location>

 

There are three options for the location (domain): GLOBAL, EUROPE, or US.

 

  • Restart the forticldd process:

fnsysctl killall forticldd

 

  • Make sure port 514 is not blocked.

 

execute telnet 208.91.113.195 514
execute telnet 208.91.113.104 514


The server IPs above can be taken from the output of the following command:

 

diag test application forticldd 3
Debug zone info:
Domain:GLOBAL
Home log server: 208.91.113.195:514
Alt log server: 208.91.113.104:514
Active Server IP: 208.91.113.104

 

  • If the issue persists, it is highly suggested to focus on the output of the following debug commands:

 

diagnose debug application forticldd -1

diagnose debug enable

 

The following errors may be seen:


1 ----> The debug output contains the following entry:

[1060] ssl_connect: SSL_connect failes: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version


Adjust the SSL versions accordingly as shown below:

 

config system global
    set ssl-min-proto-version TLSv1-2
end


2 ----> According to the debug output, FortiGate Cloud appears to be already logged out:

[105] fds_print_msg: Status:down
[105] fds_print_msg: APTCurrentServer:0.0.0.0:0
[105] fds_print_msg: APTStatus:unknown
[105] fds_print_msg: AccountID:
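
The two debug signatures above can be checked automatically in a saved capture. The following Python script is an added example, not Fortinet code: it scans saved forticldd debug and test output for both cases and extracts the log servers for the port 514 check. The function name `triage`, the finding labels and the rule used for the logged-out case are assumptions made for this example.

```python
import re

# Patterns built from the debug lines quoted in this article.
TLS_ALERT = re.compile(r"ssl_connect:.*tlsv1 alert protocol version")
FDS_FIELD = re.compile(r"fds_print_msg:\s*(\w+):(.*)$")
LOG_SERVER = re.compile(r"^(Home|Alt) log server:\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")

# Constructed capture: the article's sample lines pasted into one text.
SAMPLE = """\
Debug zone info:
Domain:GLOBAL
Home log server: 208.91.113.195:514
Alt log server: 208.91.113.104:514
Active Server IP: 208.91.113.104
[1060] ssl_connect: SSL_connect failes: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
[105] fds_print_msg: Status:down
[105] fds_print_msg: APTCurrentServer:0.0.0.0:0
[105] fds_print_msg: APTStatus:unknown
[105] fds_print_msg: AccountID:
"""

def triage(text):
    """Return (findings, log_servers) for saved forticldd output."""
    findings, servers, fds = set(), [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if TLS_ALERT.search(line):
            findings.add("tls-protocol-version")  # case 1 in the article
        field = FDS_FIELD.search(line)
        if field:
            fds[field.group(1)] = field.group(2).strip()
        server = LOG_SERVER.match(line)
        if server:
            servers.append((server.group(1), server.group(2), int(server.group(3))))
    # Assumption: Status "down" plus an empty AccountID marks the logged-out case.
    if fds.get("Status") == "down" and fds.get("AccountID") == "":
        findings.add("logged-out")
    return sorted(findings), servers

if __name__ == "__main__":
    found, log_servers = triage(SAMPLE)
    print("findings:", found)
    for role, ip, port in log_servers:
        print(f"check from the FortiGate: execute telnet {ip} {port}  ({role})")
```

A `tls-protocol-version` finding points to the `ssl-min-proto-version` setting shown above; a `logged-out` finding matches the second debug output.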

 

If the issue persists, open a support ticket with Fortinet and attach the configuration file along with the debug outputs captured above and the output of these commands:

 

diag fdsm account-info
diag fdsm log-controller-update
diag fdsm contract-controller-update

 

diagnose test application forticldd 1

diagnose test application forticldd 2

diagnose test application forticldd 3

 

Related articles:

Technical Tip: FortiGate Cloud Report shows error 'Internal Server Error'

Troubleshooting Tip: FortiCloud internal error when activating a FortiCloud account on FortiGate