FortiGate
alwis
Staff
Article Id 224661
Description

This article describes how to troubleshoot the FortiGate Cloud 'Failed to load data' issue.

Scope

FortiOS.
Solution

The following 'failed to load data' error may be seen when trying to activate a FortiGate Cloud account through the firewall GUI Dashboard.

[Screenshots: the 'Activate' prompt and the 'Failed to load data' error]

Run a FortiCloud debug:

 

# diagnose debug application forticldd -1
# diagnose debug enable

 

To stop debugging, run the following:

 

# diagnose debug disable

 

The following debug output shows the SSL connection to the FortiGuard server failing because the server rejects the offered TLS protocol version:

 

[1001] ssl_connect: SSL_connect failes: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
[494] fds_https_connect: https_connect(173.243.132.25:443) failed: ssl_connect() failed: 0 (error:00000000:lib(0):func(0):reason(0)).
[652] fds_https_stop_server: 173.243.132.25:443

 

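Verify the TLS settings. In this example the minimum protocol version is set to TLSv1-1 and needs to be changed to TLSv1-2: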

 

config system global
    set ssl-min-proto-version TLSv1-1 <-- change to TLSv1-2
end

 

A connection to FortiGuard is established after modifying the TLS version.

 

[500] fds_https_connect: https_connect(173.243.140.6:443) is established.
[300] fds_svr_default_on_established: fds-update has connected to ip=173.243.140.6:443
[307] fds_svr_default_on_established: server-fds-update handles cmd-1
[128] fds_pack_objects: number of objects: 1

 

Reference: TLS configuration.

 

By default, the minimum version allowed is TLSv1.2. The FortiGate will try to negotiate a connection using the configured version or higher. If the server that FortiGate is connecting to does not support the version, then the connection will not be made. Some FortiCloud and FortiGuard services do not support TLSv1.3.
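The following is an added example, not part of the original article or a Fortinet tool: a small Python triage script that reads saved forticldd debug output and reports, for each https_connect attempt, whether it was established or failed with a TLS protocol-version alert. The function name triage and the sample text (copied from the debug lines shown above) are assumptions for illustration.

```python
import re

# Constructed sample: the forticldd debug lines shown in this article.
SAMPLE = """\
[1001] ssl_connect: SSL_connect failes: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
[494] fds_https_connect: https_connect(173.243.132.25:443) failed: ssl_connect() failed: 0 (error:00000000:lib(0):func(0):reason(0)).
[652] fds_https_stop_server: 173.243.132.25:443
[500] fds_https_connect: https_connect(173.243.140.6:443) is established.
"""

# "[<source line>] <function>: <message>"
LINE = re.compile(r"^\[(\d+)\]\s+(\w+):\s+(.*)$")
# OpenSSL error string: error:<code>:<library>:<function>:<reason>
OPENSSL_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.+)$")
CONNECT = re.compile(r"https_connect\(([\d.]+):(\d+)\)\s+(failed|is established)")


def triage(text):
    """Return one dict per https_connect attempt found in the debug text."""
    results = []
    pending_reason = None  # reason from the most recent ssl_connect error line
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        func, msg = m.group(2), m.group(3)
        if func == "ssl_connect":
            err = OPENSSL_ERR.search(msg)
            if err and err.group(1) != "00000000":
                pending_reason = err.group(4).strip()
        elif func == "fds_https_connect":
            conn = CONNECT.search(msg)
            if not conn:
                continue
            ok = conn.group(3) == "is established"
            reason = None if ok else pending_reason
            results.append({
                "server": f"{conn.group(1)}:{conn.group(2)}",
                "established": ok,
                "reason": reason,
                # "tlsv1 alert protocol version" is OpenSSL's name for the
                # protocol_version alert sent by the peer; the "tlsv1" prefix
                # is part of the alert name, not the version that was offered.
                "tls_version_mismatch": bool(reason and "alert protocol version" in reason),
            })
            pending_reason = None
    return results


if __name__ == "__main__":
    for attempt in triage(SAMPLE):
        print(attempt)
```

A result with tls_version_mismatch set to True points at the ssl-min-proto-version setting described above as the first thing to check.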