FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 212546

This article describes why FortiGate is unable to connect FortiGuard servers after upgrading the firmware version.

Scope FortiGate.

The following error appears under Dashboard -> Status -> Licenses:




The same message is also shown under System -> FortiGuard -> FortiGuard Updates as below:



The update debug shows 'Failed getting wan ip' as below:

do_setup[344]-Failed setup

do_update[632]-UPDATE failed

do_check_wanip[787]-Failed getting wan ip


The issue is due to the 'cloud-communication' and 'include-default-servers' being disabled in the previous firmware version, and it must be enabled in order to let FortiGate communicate with FortiGuard located in the internet cloud.

config system global
    set cloud-communication enable

config system central-management
    set include-default-servers enable


Scenario 2


The below logs in Debugs in the case of the PPPoE WAN interface along with failed to get WAN IP. 

upd_pkg_recv[1721]-Error receiving pkg header len=0 hdr=64
__upd_act_update[303]-Failed receiving update rsp


Solution for Scenario 2

Try changing the interface MTU to 1300 to fix the issue.


The following commands differ from the old version of FortiGate as of v6.2.x or v6.4.x.


Run the following commands:


dia de reset

dia de consol time en

dia de app update -1

dia de en

exe update-now


Run the following for five to ten minutes:


dia de di

dia de reset

dia autoupdate versions