Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Marit
Staff
Staff

Created on ‎09-16-2025 04:13 AM

Article Id 408393

Technical Tip: Rapid7 VA scan fails with the error message 'Inconclusive host'

Description This article describes how to resolve VA scan (Rapid7) failures where the scan result shows an 'Inconclusive host' message.
Scope FortiGate, VA scan.
Solution

Use Case:

  • An environment with two FortiGate devices configured with FGCP (FGT-1 Active / FGT-2 Standby).
  • A VA scan is performed on both FortiGates simultaneously.
  • FGT-1 passes the VA scan, while FGT-2 fails the VA scan.

 

Troubleshooting:

Failing over HA and re-scanning does not resolve the issue. FGT-1 continues to pass the VA scan, while FGT-2 continues to fail.

 

Solution 1 (if both FortiGates must be scanned at the same time):

  1. Run a VA scan on both FortiGates.
  2. Collect the results from the Active FortiGate.
  3. In the Rapid7 console, delete the scan result object for the Standby FortiGate.
  4. Perform an HA failover.
  5. Run a VA scan on both FortiGates again.
  6. Collect the results from the new Active FortiGate.

 

Solution 2 (recommended):

  1. Run a VA scan on the Active FortiGate.
  2. Perform an HA failover.
  3. Run a VA scan on the new Active FortiGate.

 

Note: For full details, refer to the Rapid7 documentation:

Troubleshooting “Inconclusive host with excessive port connection failures”
Labels:
55
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.