Article Id 217996
Description: This article describes how to identify and solve a DNS issue while provisioning a free FortiToken.

Sometimes, when trying to assign a FortiToken to users in FortiGate, the error message 'FortiCare Unreachable' can appear.


One possible cause of this error is that DNS is unable to resolve the hostname.


Run a ping from FortiGate as shown below:


# execute ping
# execute ping


The ping fails with the message: 'unable to resolve hostname'.


Now run the debug commands below and, at the same time, ping the FQDN on FortiGate.


# diag debug application dnsproxy -1

# diag debug enable


# execute ping


The DNS debug result will show output similar to the following.


Output from DNS debug:


last_tx=0 ftg_last_tx=0 (orig id: 0x0000 local id:0x0000 active)
[worker 0] dns_send_request()-1302
[worker 0] dns_query_get_local_id()-352: Cannot find local id (number of queries: 18)


- 'Cannot find local id' in the output means the DNS proxy is not releasing the local-ID resource.


To resolve:


Restart the DNS proxy using the command below:


# diag test application dnsproxy 99


Once the DNS proxy daemon has been restarted, check the ping again. This time the ping should be successful, and the FortiTokens can then be provisioned to the intended users.
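
When the debug output has been saved from a console session, the 'Cannot find local id' signature can be checked for offline. The script below is an added example, not Fortinet code: it parses captured `dnsproxy` debug text in the format shown above and summarizes the failures per worker. The function names are hypothetical, and the last two sample lines are constructed.

```python
import re

# Matches dnsproxy debug lines of the form shown in the article:
#   [worker 0] dns_query_get_local_id()-352: Cannot find local id (number of queries: 18)
LOCAL_ID_ERR = re.compile(
    r"\[worker (?P<worker>\d+)\]\s+dns_query_get_local_id\(\)-\d+:\s+"
    r"Cannot find local id \(number of queries: (?P<queries>\d+)\)"
)

def find_local_id_failures(debug_text):
    """Return one dict per 'Cannot find local id' line in captured debug output."""
    hits = []
    for lineno, line in enumerate(debug_text.splitlines(), start=1):
        m = LOCAL_ID_ERR.search(line)
        if m:
            hits.append({"line": lineno,
                         "worker": int(m["worker"]),
                         "queries": int(m["queries"])})
    return hits

def summarize(debug_text):
    """Per worker: failure count and highest 'number of queries' value seen."""
    summary = {}
    for hit in find_local_id_failures(debug_text):
        entry = summary.setdefault(hit["worker"], {"failures": 0, "max_queries": 0})
        entry["failures"] += 1
        entry["max_queries"] = max(entry["max_queries"], hit["queries"])
    return summary

# Sample capture: the first three lines are from the article, the last two are
# constructed to show a repeated failure.
SAMPLE = """\
last_tx=0 ftg_last_tx=0 (orig id: 0x0000 local id:0x0000 active)
[worker 0] dns_send_request()-1302
[worker 0] dns_query_get_local_id()-352: Cannot find local id (number of queries: 18)
[worker 0] dns_send_request()-1302
[worker 0] dns_query_get_local_id()-352: Cannot find local id (number of queries: 19)
"""

if __name__ == "__main__":
    for worker, info in summarize(SAMPLE).items():
        print(f"worker {worker}: {info['failures']} local-id failures, "
              f"number of queries up to {info['max_queries']}; "
              "restart dnsproxy as described in the article")
```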