Troubleshooting Tip: FortiCloud management connectivity status down causes by TLS version

The management connectivity status is down on the FortiCloud Network Overview page.

The useful commands below can check the related error message.

# diag debug app forticldd -1
# diag debug enable
# diag fdsm log-controller-update

Then replicate the issue to generate log, disable debugging after done:

# diag deb dis
# diag deb reset

The error message below is regarding the TLS version causing the SSL connection problem.

[40] fds_queue_task: req-101 is added to message-controller
[568] fds_https_start_server: server: 208.91.113.184:443
[569] fds_https_start_server: source-ip: 0.0.0.0:0
[112] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[722] ssl_ctx_create_new_ex: SSL CTX is created
[749] ssl_new: SSL object is created
[80] https_create: proxy server 0.0.0.0 port:0
[968] ssl_connect: SSL_connect failes: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
[475] fds_https_connect: https_connect(208.91.113.184:443) failed: ssl_connect() failed: 6 (error:00000000:lib(0):func(0):reason(0)).
[202] __ssl_data_ctx_free: Done
[1013] ssl_free: Done
[194] __ssl_cert_ctx_free: Done
[1023] ssl_ctx_free: Done
[1004] ssl_disconnect: Shutdown
[217] fds_svr_default_on_error: message-controller: ip=208.91.113.184:443, reason=4
[234] fds_svr_default_on_error: message-controller: Conn failes 1/1
[254] fds_svr_default_on_error: message-controller: req-id=101, num_try=1, read=0, reason=4
[93] fds_mctrl_update_done: update task was not successful.

The TLS version can be modified on the global setting below.

# config system global

(global) # set ssl-min-proto-version TLSv1-2  <----- Modified it from TLSv1-3 to TLSv1-2.
(global) # end

The SSL connection is established after modifying the TLS version.

568] fds_https_start_server: server: 208.91.113.103:443
[569] fds_https_start_server: source-ip: 0.0.0.0:0
[112] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[722] ssl_ctx_create_new_ex: SSL CTX is created
[749] ssl_new: SSL object is created
[80] https_create: proxy server 0.0.0.0 port:0
[481] fds_https_connect: https_connect(208.91.113.103:443) is established.
[267] fds_svr_default_on_established: log-controller has connected to ip=208.91.113.103:443
[274] fds_svr_default_on_established: server-log-controller handles cmd-111