Description

This article describes how to solve the 'Internal Server Error' that may occur when importing a free trial license.

Scope

FortiGate.

Solution

diag debug app forticldd -1

diag debug app alert -1

diag fortitoken debug enable

diag debug enable

If the output looks similar to the following, consult the information below in this article.

2023-07-25 17:32:08 ftm_cfg_import_license[321]:import license 0000-0000-0000-0000-0000
2023-07-25 17:32:08 is_trial_tokens_available[55]:No trial tokens are available.
2023-07-25 17:32:08 ftm_fc_comm_connect[38]:ftm cannot resolve DNS
2023-07-25 17:32:08 ftm_fc_command[588]:forticare [ftm2.fortinet.net:443] unreachable

• Check the current configuration of 'fortiguard-anycast-source' to determine its set value, which includes two options: Fortinet and AWS.
  • fortinet - Use Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network.
  • aws - Use Fortinet's AWS servers to provide FortiGuard services in FortiGuard's anycast network.
    
    
• Selecting 'aws' as the 'fortiguard-anycast-source' will result in an internal server error:

config system fortiguard

    ...

    set fortiguard-anycast-source aws

    ...

end

• Changing the 'fortiguard-anycast-source' to 'fortinet' will make it possible to import the trial license. Run the following:

config system fortiguard

    ...

    set fortiguard-anycast-source fortinet

    ...

end

If the FortiToken is still not getting imported with the error 'Internal server error' and the FortiToken debugs show the same error above: 'forticare unreachable'. This happens due to an issue with anycast reachability. disable the anycast as shown below and try to import the FortiToken again.

config system fortiGuard

    set fortiguard-anycast disable

    set protocol udp

    set port 8888

    set sdns-server-ip 208.91.112.220 173.243.140.53 210.7.96.53

end

If the issue persists, contact Fortinet Support for more assistance.