| Description |
This article describes how to resolve an issue where the FortiGate GUI shows a FortiGuard update failed.
To troubleshoot the issue, the FortiGate administrator runs the following 'update' debug:
diagnose debug reset diagnose debug application update -1 exec update-now diagnose debug enable
To disable debugs:
diagnose debug disable
The logs show the update failed because of a certificate error:
Cert error…… Self-signed certificate in certificate chain…… SSL_Connect fails, …… certificate verify failed.
The network setup is as follows:
|
| Scope | FortiOS v7.0 or later. |
| Solution |
In the upstream, there is a third-party firewall enabling SSL deep inspection, which causes the FortiGuard update certificate error. The solution is to add an exemption in the upstream firewall for FortiGuard FQDN.
The FQDN for FortiGuard traffic can be found in the following documents.
After making this change, run the following commands:
diagnose debug reset diagnose debug application update -1 exec update-now diagnose debug enable
Now, the certificate warning should be gone, and FortiGate should be able to communicate with the FortiGuard server.
To disable the debug processes above, run the following command:
diagnose debug disable
Related articles: |
