FortiGate
Ehanssen
Staff
Article Id 390923
Description This article describes why provisioning fails with an 'Incomplete: waiting for connection' error.
Scope FortiZTP 25.1.a (product page).
Solution

This article describes provisioning issues via FortiZTP where provisioning fails and the process is stuck in the state 'Incomplete - Waiting for connection' on the FortiZTP page.

 

When following the troubleshooting steps described in Provisioning FortiGate to FortiManager self-diagnosis, ping and telnet work, but the forticldd output shows the server as unknown and the debug output shows the error message 'FGT internal error(-1)'.

Here is an example of such an output:

FortiGate-40F # diagnose test application forticldd 3
Debug zone info:
    FAZCLOUD:
    Domain:
    Home log server: 0.0.0.0:0
    Alt log server: 0.0.0.0:0
    Active Server IP:      0.0.0.0
    Active Server status:  unknown
    Log quota:      0MB
    Log used:       0MB
    Daily volume:   0MB
    fams archive pause: 0
    APTContract : 0
    APT server: 0.0.0.0:0
    APT Altserver: 0.0.0.0:0
    Active APTServer IP:      0.0.0.0
    Active APTServer status:  unknown

FortiGate-40F # diagnose debug application forticldd -1
FortiGate-40F # diagnose debug enable
FortiGate-40F # execute fortiguard-log join

[755] __tcps_ssl_connect: SSL connected.
[870] tcps_connect: 154.52.10.102:443 -- ret 0, state 0x12(SSL-Connecting) -> 0x5(Established)
[507] fds_https_connect: https_connect(154.52.10.102:443) is established.
[300] fds_svr_default_on_established: log-controller has connected to ip=154.52.10.102:443
[307] fds_svr_default_on_established: server-log-controller handles cmd-112
[126] fds_pack_objects: number of objects: 1
[96] fds_print_msg: FCPC: len=146
[103] fds_print_msg: Protocol=2.0
[103] fds_print_msg: Command=Account
[103] fds_print_msg: Firmware=FGT40F-FW-7.04-2702
[103] fds_print_msg: SerialNumber=FGT40FTK21031048
[103] fds_print_msg: TimeZone=-7
[103] fds_print_msg: TimeZoneInMin=-420
[103] fds_print_msg: DataItem=Action:Join
[96] fds_print_msg: http req: len=259
[103] fds_print_msg: POST https://154.52.10.102:443/FCPService/Controller HTTP/1.1
[103] fds_print_msg: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
[103] fds_print_msg: Host: 154.52.10.102:443
[103] fds_print_msg: Cache-Control: no-cache
[103] fds_print_msg: Connection: close
[103] fds_print_msg: Content-Type: application/octet-stream
[103] fds_print_msg: Content-Length: 338
[511] fds_https_connect: http request to 154.52.10.102:443: header=259, ext=338.
[245] fds_https_send: sent 259 bytes: pos=0, len=259
[252] fds_https_send: 154.52.10.102:443: sent 259 byte header, now send 338-byte body
[245] fds_https_send: sent 338 bytes: pos=0, len=338
[260] fds_https_send: sent the entire request to server: 154.52.10.102:443
Failed: FGT internal error(-1)
Command fail. Return code 5

To stop the debugging, run the following:

diagnose debug disable

The cause is on the FortiGate Cloud page where the FortiGate is provisioned via FortiZTP: the FortiGate is deployed in the wrong region. If this issue is encountered, change the region from Global to the appropriate region (or vice versa) on the FortiGate Cloud page, and redeploy.
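The following is an added example, not Fortinet tooling or code from this article: it checks a saved CLI capture for the combination shown above, where the TLS session is established and the whole request is sent yet the join ends in 'FGT internal error(-1)'. The verdict names are hypothetical labels, and treating a failed join without those transport lines as a connectivity problem is an assumption.

```python
import re

# Lines taken from the capture shown in this article (trimmed to what the check reads).
SAMPLE = """\
FortiGate-40F # diagnose test application forticldd 3
    Active Server IP:      0.0.0.0
    Active Server status:  unknown
FortiGate-40F # execute fortiguard-log join
[755] __tcps_ssl_connect: SSL connected.
[870] tcps_connect: 154.52.10.102:443 -- ret 0, state 0x12(SSL-Connecting) -> 0x5(Established)
[260] fds_https_send: sent the entire request to server: 154.52.10.102:443
Failed: FGT internal error(-1)
Command fail. Return code 5
"""

# Markers of the symptom, written against the exact strings in the article's output.
MARKERS = {
    "server_unknown": re.compile(r"^\s*Active Server status:\s+unknown\s*$", re.M),
    "tls_established": re.compile(r"tcps_connect: \S+ -- ret 0, .*-> 0x5\(Established\)"),
    "request_sent": re.compile(r"fds_https_send: sent the entire request to server: (\S+)"),
    "join_failed": re.compile(r"^Failed: FGT internal error\(-1\)\s*$", re.M),
}

def classify(capture: str) -> dict:
    """Return which markers are present plus a verdict (verdict names are hypothetical)."""
    hits = {name: rx.search(capture) for name, rx in MARKERS.items()}
    found = {name: m is not None for name, m in hits.items()}
    transport_ok = found["tls_established"] and found["request_sent"]
    if found["join_failed"] and transport_ok:
        # Transport succeeded and the join still failed: the case this article
        # attributes to the FortiGate Cloud region setting.
        verdict = "check-fortigate-cloud-region"
    elif found["join_failed"]:
        # Join failed without proof that the request reached the server (assumption):
        # go back to the connectivity steps of the self-diagnosis article.
        verdict = "check-connectivity"
    else:
        verdict = "no-match"
    server = hits["request_sent"].group(1) if hits["request_sent"] else None
    return {"found": found, "server": server, "verdict": verdict}

if __name__ == "__main__":
    result = classify(SAMPLE)
    print(result["verdict"], result["server"], result["found"])
```

The 'server_unknown' marker is reported but not required for the verdict, since the forticldd 3 output may be captured separately from the join debug.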