Created on 08-23-2024 09:37 AM Edited on 06-10-2025 08:49 AM
Description |
This article describes how to resolve an issue where the FortiGate GUI shows a FortiGuard update failed.
To troubleshoot the issue, the FortiGate administrator runs the following 'update' debug:
diagnose debug reset diagnose debug application update -1 exec update-now diagnose debug enable
To disable debugs:
diagnose debug disable
The logs show the update failed because of a certificate error:
Cert error…… Self-signed certificate in certificate chain…… SSL_Connect fails, …… certificate verify failed.
The network setup is as follows:
|
Scope | FortiOS v7.0 or later. |
Solution |
In the upstream, there is a third-party firewall enabling SSL deep inspection, which causes the FortiGuard update certificate error. The solution is to add an exemption in the upstream firewall for FortiGuard FQDN.
The FQDN for FortiGuard traffic can be found in the following documents.
After making this change, run the following commands:
diagnose debug reset diagnose debug application update -1 exec update-now diagnose debug enable
Now, the certificate warning should be gone, and FortiGate should be able to communicate with the FortiGuard server.
To disable the debug processes above, run the following command:
diagnose debug disable
Related articles: |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.