FortiGate
wgartner
Staff
Article Id 338280
Description This article describes how to configure a FortiGuard source IP so that traffic originating from the FortiGate itself can egress an Internet link that has a NAT pool associated with it.
Scope FortiOS 6.4.x, 7.0.x, 7.2.x, 7.4.x, 7.6.x.
Solution

Symptom: on firmware 6.4.x, 7.0.x, 7.2.x, 7.4.x and 7.6.x the FortiGate GUI reports that FortiGuard services are unreachable, and the CLI reports the FortiGuard server as down.

Cause: if the FortiGate reaches the Internet through a link whose firewall policy uses a NAT pool (IP pool), traffic that the FortiGate originates itself (FortiGuard updates, among others) is not subject to that policy and is therefore not translated by the pool. It leaves the firewall with the egress interface's own address. If the upstream network device or ISP only accepts the NAT pool range, that source address is blocked.

Running the FortiGuard update debug shows the outbound connection timing out:

diagnose debug reset
diagnose debug application update -1
diagnose debug enable

Resolution: set the FortiGuard source IP to an address that belongs to the NAT pool.

config system fortiguard
    set source-ip xx.xx.xx.xx    <- an IP address within the NAT pool
end

FortiGuard traffic originating from the FortiGate then leaves the Internet link with a source address inside the NAT pool range, is accepted upstream, and the FortiGuard servers become reachable again.
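The complete configuration and verification sequence, as an added example that is not part of the original article. The interface name wan1, the pool name WAN-NAT-POOL and the addresses 203.0.113.10-203.0.113.20 are assumed placeholders; substitute your own. Step 2 is only needed when the CLI refuses a source-ip that is not assigned to a local interface.

```fortios
# Added example (not from the original article). Assumed names and addresses:
# interface "wan1", pool "WAN-NAT-POOL", pool range 203.0.113.10-203.0.113.20.

# 1. The NAT pool the ISP expects traffic to come from. The pool only applies to
#    traffic that traverses the firewall policy below; FortiGuard traffic that the
#    FortiGate originates itself never hits that policy, so it is left untranslated.
config firewall ippool
    edit "WAN-NAT-POOL"
        set type overload
        set startip 203.0.113.10
        set endip 203.0.113.20
        set arp-reply enable
    next
end

config firewall policy
    edit 10
        set name "LAN-to-Internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "WAN-NAT-POOL"
    next
end

# 2. Only if the CLI rejects a source-ip that is not a local interface address:
#    assign one pool address as a secondary IP on the egress interface so that the
#    FortiGate owns it and accepts return traffic addressed to it.
config system interface
    edit "wan1"
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 203.0.113.10 255.255.255.0
            next
        end
    next
end

# 3. The fix from the article: bind self-originated FortiGuard traffic to that
#    pool address.
config system fortiguard
    set source-ip 203.0.113.10
end

# 4. Verify. Force an update with the update debug enabled; the connection should
#    now complete instead of timing out. Disable the debug when done.
diagnose debug reset
diagnose debug application update -1
diagnose debug enable
execute update-now
diagnose debug disable

# 5. From a second CLI session while update-now runs, confirm the source address
#    on the wire is the pool address rather than the wan1 interface IP.
diagnose sniffer packet wan1 'port 443' 4 10
```

The same limitation applies to every other service the FortiGate originates itself over that link (DNS, NTP, syslog and the like); each has its own source-ip setting in the corresponding config section and needs the same treatment if the upstream only accepts the pool range.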