Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ychia
Staff
Staff

Created on ‎02-16-2023 01:18 AM Edited on ‎03-17-2024 07:33 AM By Moderator

Article Id 246072

Troubleshooting Tip: High Availability secondary unit cannot connect to FortiGuard servers

Description

This article describes an issue where secondary HA cluster units cannot connect to the FortiGuard servers to perform updates.
Scope Any supported version of FortiGate.
Solution

In an HA cluster, customers with individual cluster units enabled with a reserved management interface for UI access find that secondary units cannot connect to FortiGuard servers.

 

The following error message shows in the UI:

 

ychia_0-1676538452296.png

 

This behavior is expected. Secondary unit FortiGates are not intended to be able to communicate with the FortiGuard server directly for security reasons. The secondary unit is behaving as intended.


Instead, use the primary FortiGate to communicate with the FortiGuard servers and update the Secondary FortiGate. See the FortiGate Cookbook for instructions.

Even if the HA is in A-A or A-P enabled with a reserved management interface, this is expected behavior.
1211
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.