Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Dongfang_Li_FTNT
Staff
Staff

Created on ‎08-23-2024 09:37 AM

Article Id 335943

Troubleshooting Tip: FortiGuard connection fails - Self-signed Certificate in Certificate Chain

Description

This article describes how to resolve an issue where the FortiGate GUI shows a FortiGuard update failed.

 

To troubleshoot the issue, FortiGate administrator runs the following 'update' debug:

 

diag debug reset

diag debug application update -1

exec update-now

diag debug enable

 

The logs show the updated failed because of a certificate error:

 

Cert error…… Self-signed certificate in certificate chain……

SSL_Connect fails, …… certificate verify failed.

 

FortiGuard-5.png

 

The network setup is as follows:

 

FortiGate – the third-party firewall - ISP.
Scope FortiOS v7.0 or later.
Solution

In the upstream, there is a third-party firewall enabling SSL deep inspection, which causes the FortiGuard update certificate error. The solution is to add an exemption in the upstream firewall for FortiGuard FQDN.

 

The FQDN for FortiGuard traffic can be found in the following documents.
786
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.