FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
takizuki
Staff
Staff
Description
This article describes what CLI command to confirm if FortiManager is communicating with upstream FDS servers for AV/IPS package updates.  By default it will first connect to fds1.fortinet.com and then obtain a dynamic list of other FortiGuard distribution servers, and will then attempt contacting the first one on the list, and move down if it fails.  Note that a failure to connect to one or more servers might be normal, and if so, the FMG will attempt to contact the other servers in the list.



Solution
1. Run " diag fmupdate view-linkd-log fds"

FMG200D # diag fmupdate view-linkd-log fds
2017/04/25_13:54:13.855 info fds_svrd[8171]: FCP_CONN:: received object: id=04000000OBLT00000 ver=00000.00000-1704250453 size=10496
2017/04/25_13:54:13.986 info fds_svrd[8171]: FCP_CONN:: received object: id=03001000SRUL00000 ver=00000.00000-1704192031 size=1328
2017/04/25_13:54:13.990 info fds_svrd[8171]: FCP_CONN:: received object: id=03001000BREG00000 ver=00000.00000-1702211958 size=1448
2017/04/25_13:54:13.990 info fds_svrd[8171]: FCP_CONN:: received object: id=01000000OBJL00000 ver=00000.00000-1704191737 size=232
2017/04/25_13:54:14.120 info fds_svrd[8171]: __process_OBLT: has NO updates
2017/04/25_13:54:14.147 info fds_svrd[8171]: Check update with fds 96.45.33.91 SUCCESS
2017/04/25_13:56:32.502 debug um_db_stat[419]: _check_timeout_device: time out for 300 seconds
2017/04/25_13:56:32.503 debug um_db_stat[9070]: _um_dump_device_url_query,315: dump 0 items, hash size=0
2017/04/25_13:56:32.503 debug um_db_stat[9070]: _um_dump_device_spam_query,341: dump 0 items, hash size=0
2017/04/25_13:56:32.503 debug um_db_stat[9070]: um_query_stat_dump_device_record,391: time cost:0.000245s
2017/04/25_13:58:14.935 info fds_svrd[8171]: Start fds client session to '96.45.33.91:443', task = SELPOLL
2017/04/25_13:58:17.935 error fds_svrd[8171]: FCP_CONN error
2017/04/25_13:58:17.935 info fds_svrd[8171]: Check update with fds 96.45.33.91 FAIL <=failing to connect to FDS server "96.45.33.91:443"

2.  Routing issue was found.fixed it and run  "diag fmupdate view-linkd-log fds" again.
2017/04/25_14:00:15.907 info fds_svrd[8171]: Start fds client session to '61.204.170.252:443', task = SELPOLL
2017/04/25_14:00:15.923 info fds_svrd[8171]: FCP_CONN:: connect to server 10.130.9.2:47044 -> 61.204.170.252:443
2017/04/25_14:00:15.972 info fds_svrd[8171]: [FMG-->FDS] Request: Protocol=4.0|Command=SelectivePoll|Firmware=FMG200D-FW-5.4-1151|
SerialNumber=FM200D3A15000307|Persistent=false|DataItem=01000000CATL00000-00000.00000-0000000000*00000000FDNI00000-00000.00000-0000000000
*04000000OBLT00000-00000.00000-0000000000*03001000SRUL00000-00000.00000-0000000000*03001000BREG00000-00000.00000-0000000000*01000000BLDV000
-00000.00000-0000000000*01000000OBJL00000-00000.00000-0000000000|AcceptDelta=1|ContractItem=FG1K5D3I15802393*FG3K6C3A15800039*FM200D3A15000
*FSA1KD3A15000218*FW90DP3Z14001225*FW90DP3Z14001234*FM200D3A15000307^M ^M
2017/04/25_14:00:16.049 info fds_svrd[8171]: FCP_CONN:: receiving package: num_objects=7 total_size=15568
2017/04/25_14:00:16.049 info fds_svrd[8171]: FCP_CONN:: received object: id=00000000FCPR00000 ver=00000.00000-1704250500 size=288
2017/04/25_14:00:16.049 info fds_svrd[8171]: [FDS-->FMG] Response: Protocol=4.0|Response=200|Firmware=FPT033-FW-6.1-0006|SerialNumber=
FPT-FDS-DELL0016|Server=FDSG|Persistent=false|ResponseItem=01000000CATL00000:204*00000000FDNI00000:200*04000000OBLT00000:200*03001000SRUL00000
:200*03001000BREG00000:200*01000000BLDV00000:204*01000000OBJL00000:200^M ^M
2017/04/25_14:00:16.049 info fds_svrd[8171]: FCP_CONN:: received object: id=03001000FSSI00000 ver=00000.00000-1704250500 size=408
2017/04/25_14:00:16.069 info fds_svrd[8171]: FCP_CONN:: received object: id=00000000FDNI00000 ver=00000.00000-1704192022 size=480
2017/04/25_14:00:16.304 info fds_svrd[8171]: FCP_CONN:: received object: id=04000000OBLT00000 ver=00000.00000-1704250458 size=10488
2017/04/25_14:00:16.304 info fds_svrd[8171]: FCP_CONN:: received object: id=03001000SRUL00000 ver=00000.00000-1704192031 size=1328
2017/04/25_14:00:16.304 info fds_svrd[8171]: FCP_CONN:: received object: id=03001000BREG00000 ver=00000.00000-1702211958 size=1448
2017/04/25_14:00:16.304 info fds_svrd[8171]: FCP_CONN:: received object: id=01000000OBJL00000 ver=00000.00000-1704191737 size=232
2017/04/25_14:00:16.441 info fds_svrd[8171]: __process_OBLT: has NO updates
2017/04/25_14:00:16.443 info fds_svrd[8171]: Check update with fds 61.204.170.252 SUCCESS <=succeeded to connect to FDS server "61.204.170.252"



The following command indicates the starting point where the first FQDN server is contacted, and upon successful connection, the entire list of FDS servers is obtained:

FMG-560-561-562_M # diag fmupdate view-serverlist fds
Fortiguard Server Comm : Enabled
Server Override Mode   : Loose
FDS server list        :
Index   Address                    Port            TimeZone        Distance        Source
------------------------------------------------------------------------------------------------------
*0      fds1.fortinet.com          443             1               0               DEFAULT


<snip>
2018/03/19_09:16:50.887 info    fds_svrd[10499]: Check update with fds fds1.fortinet.com SUCCESS
2018/03/19_09:16:50.887 info    fds_svrd[10499]: Start fds client session to '62.209.40.78:443', task = POLL svc=0
<snip>

FMG-560-561-562_M # diag fmupdate view-serverlist fds
Fortiguard Server Comm : Enabled
Server Override Mode   : Loose
FDS server list        :
Index   Address                    Port            TimeZone        Distance        Source
------------------------------------------------------------------------------------------------------
*0      62.209.40.78               443             1               0               FDNI
 1      96.45.33.90                443             0               1               FDNI
 2      96.45.33.85                443             0               1               FDNI
 3      96.45.33.82                443             0               1               FDNI
 4      96.45.33.81                443             0               1               FDNI
 5      96.45.33.80                443             0               1               FDNI
 6      96.45.33.89                443             -5              6               FDNI
 7      65.210.95.242              443             -5              6               FDNI
 8      65.210.95.241              443             -5              6               FDNI
 9      209.222.136.8              443             -5              6               FDNI
 10     209.222.136.7              443             -5              6               FDNI
 11     209.222.136.22             443             -5              6               FDNI
 12     173.243.138.77             443             -5              6               FDNI
 13     173.243.138.76             443             -5              6               FDNI
 14     173.243.138.75             443             -5              6               FDNI
 15     173.243.138.71             443             -5              6               FDNI
 16     173.243.138.70             443             -5              6               FDNI
 17     173.243.138.69             443             -5              6               FDNI
 18     96.45.33.91                443             9               8               FDNI
 19     173.243.138.80             443             9               8               FDNI
 20     173.243.138.79             443             9               8               FDNI
 21     173.243.138.78             443             -8              9               FDNI
 22     173.243.138.74             443             -8              9               FDNI
 23     173.243.138.73             443             -8              9               FDNI
 24     173.243.138.72             443             -8              9               FDNI
 25     173.243.138.68             443             -8              9               FDNI
 26     173.243.138.67             443             -8              9               FDNI
 27     173.243.138.66             443             -8              9               FDNI
 28     fds1.fortinet.com          443             1               0               DEFAULT


FMG-560-561-562_M #



Contributors