Created on 02-13-2015 07:15 AM Edited on 11-21-2022 08:23 AM By Stephen_G
Description
This article describes that after renewing a contract license or rebooting the FortiGate, the License information widget indicates that all or some of the services are not available.
Scope
Add additional commands and information to some of the steps provided in this related article:
License Information on Dashboard shows "Unreachable" or "Not Registered" after a FortiGate is reboo...
Solution
Below are steps to take when the license information widget indicates that the registration and security services are unavailable.
Note: Virtual appliances do not currently support manual licensing. Only FortiGate 7.2.0 and later hardware appliances allow uploading manual licensing for air-gap settings. For more information and for instructions on how to manually upload FortiGate licenses, see the documentation.
1) Disable Anycast:
Technical Tip: FortiGuard is not reachable via Anycast default method
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGuard-is-not-reachable-via-Anycast-de...
2) Run the following commands in the CLI to prompt the FortiGuard communications
# diag debug app update -1
# diag debug en
# exec update-now
3) Is there a web profile applied to any policies?
- Often people are hesitant to do so because of the message that appears when they initially try to configure the web profile.
- Apply the Web profile to an internal to Wan policy.
- Go to System -> Status -> License Information, select the refresh button on the top bar (hover mouse over it).
4) If registration/services do not appear after applying the profile to the policy and refreshing the License Information, go to:
- Go to System -> Config -> FortiGuard -> Web Filtering and Email Filtering Options.
- Press Test Availability.
- Go to System -> Status -> License Information, select the refresh button on the top bar (hover mouse over it).
5) If the registration/services do not appear after pressing the test button go to:
- Go to System -> Config -> FortiGuard -> Web Filtering and Email Filtering Options.
- Select to use the Alternate Port.
- Press Test Availability.
- Go to System -> Status > License Information, select the refresh button on the top bar (hover mouse over it).
6) If the registration does not appear after changing to alternate port, go to the CLI console.
- Try pinging the FortiGuard services URL:
# exec ping service.fortiguard.net
- If that resolves to an IP then type the following commands, if it does not resolve to an IP then this is a DNS issue.
# diag debug application update -1
# diag debug enable
# exec update-now
- Go to System -> Status -> License Information, select the refresh button on the top bar (hover mouse over it).
7) If multiple VDOMS are used on the FortiGate, make sure that there is an Internet-facing VDOM set as the management vdom.
Use the following commands to verify:
# config system global
set management-vdom <vdom> <----- This VDOM should have Internet access.
end
Then run the 'update-now' command again.
8) If the issue is not resolved at this point, open a support ticket at https://support.fortinet.com/ and attach:
- The config file to a support ticket.
- The CLIoutput to the ticket as a text file.
For information on the ports used for FortiGuard communications please see the following information:
The FQDN is service.fortiguard.net
Related ports:
7.2 https://docs.fortinet.com/document/fortigate/7.2.0/fortios-ports/160067/outgoing-ports
7.0 https://docs.fortinet.com/document/fortigate/7.0.0/fortios-ports/637075/incoming-ports
6.4 https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/206267/introduction
6.2 https://docs.fortinet.com/document/fortigate/6.2.0/ports-and-protocols/206267/introduction
Related Articles
Technical Note: Traffic Types and TCP/UDP Ports used by Fortinet Products
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.