Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
- Fortinet Community
- Knowledge Base
- FortiManager
- CLI command to confirm if FMG is communicating wit...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Description
This article describes what CLI command to confirm if FortiManager is communicating with upstream FDS servers for AV/IPS package updates. By default it will first connect to fds1.fortinet.com and then obtain a dynamic list of other FortiGuard distribution servers, and will then attempt contacting the first one on the list, and move down if it fails. Note that a failure to connect to one or more servers might be normal, and if so, the FMG will attempt to contact the other servers in the list.
Solution
The following command indicates the starting point where the first FQDN server is contacted, and upon successful connection, the entire list of FDS servers is obtained:
FMG-560-561-562_M # diag fmupdate view-serverlist fds
Fortiguard Server Comm : Enabled
Server Override Mode : Loose
FDS server list :
Index Address Port TimeZone Distance Source
------------------------------------------------------------------------------------------------------
*0 fds1.fortinet.com 443 1 0 DEFAULT
<snip>
2018/03/19_09:16:50.887 info fds_svrd[10499]: Check update with fds fds1.fortinet.com SUCCESS
2018/03/19_09:16:50.887 info fds_svrd[10499]: Start fds client session to '62.209.40.78:443', task = POLL svc=0
<snip>
FMG-560-561-562_M # diag fmupdate view-serverlist fds
Fortiguard Server Comm : Enabled
Server Override Mode : Loose
FDS server list :
Index Address Port TimeZone Distance Source
------------------------------------------------------------------------------------------------------
*0 62.209.40.78 443 1 0 FDNI
1 96.45.33.90 443 0 1 FDNI
2 96.45.33.85 443 0 1 FDNI
3 96.45.33.82 443 0 1 FDNI
4 96.45.33.81 443 0 1 FDNI
5 96.45.33.80 443 0 1 FDNI
6 96.45.33.89 443 -5 6 FDNI
7 65.210.95.242 443 -5 6 FDNI
8 65.210.95.241 443 -5 6 FDNI
9 209.222.136.8 443 -5 6 FDNI
10 209.222.136.7 443 -5 6 FDNI
11 209.222.136.22 443 -5 6 FDNI
12 173.243.138.77 443 -5 6 FDNI
13 173.243.138.76 443 -5 6 FDNI
14 173.243.138.75 443 -5 6 FDNI
15 173.243.138.71 443 -5 6 FDNI
16 173.243.138.70 443 -5 6 FDNI
17 173.243.138.69 443 -5 6 FDNI
18 96.45.33.91 443 9 8 FDNI
19 173.243.138.80 443 9 8 FDNI
20 173.243.138.79 443 9 8 FDNI
21 173.243.138.78 443 -8 9 FDNI
22 173.243.138.74 443 -8 9 FDNI
23 173.243.138.73 443 -8 9 FDNI
24 173.243.138.72 443 -8 9 FDNI
25 173.243.138.68 443 -8 9 FDNI
26 173.243.138.67 443 -8 9 FDNI
27 173.243.138.66 443 -8 9 FDNI
28 fds1.fortinet.com 443 1 0 DEFAULT
FMG-560-561-562_M #
This article describes what CLI command to confirm if FortiManager is communicating with upstream FDS servers for AV/IPS package updates. By default it will first connect to fds1.fortinet.com and then obtain a dynamic list of other FortiGuard distribution servers, and will then attempt contacting the first one on the list, and move down if it fails. Note that a failure to connect to one or more servers might be normal, and if so, the FMG will attempt to contact the other servers in the list.
Solution
1. Run " diag fmupdate view-linkd-log fds"
FMG200D # diag fmupdate view-linkd-log fds
2017/04/25_13:54:13.855 info fds_svrd[8171]: FCP_CONN:: received object: id=04000000OBLT00000 ver=00000.00000-1704250453 size=10496
2017/04/25_13:54:13.986 info fds_svrd[8171]: FCP_CONN:: received object: id=03001000SRUL00000 ver=00000.00000-1704192031 size=1328
2017/04/25_13:54:13.990 info fds_svrd[8171]: FCP_CONN:: received object: id=03001000BREG00000 ver=00000.00000-1702211958 size=1448
2017/04/25_13:54:13.990 info fds_svrd[8171]: FCP_CONN:: received object: id=01000000OBJL00000 ver=00000.00000-1704191737 size=232
2017/04/25_13:54:14.120 info fds_svrd[8171]: __process_OBLT: has NO updates
2017/04/25_13:54:14.147 info fds_svrd[8171]: Check update with fds 96.45.33.91 SUCCESS
2017/04/25_13:56:32.502 debug um_db_stat[419]: _check_timeout_device: time out for 300 seconds
2017/04/25_13:56:32.503 debug um_db_stat[9070]: _um_dump_device_url_query,315: dump 0 items, hash size=0
2017/04/25_13:56:32.503 debug um_db_stat[9070]: _um_dump_device_spam_query,341: dump 0 items, hash size=0
2017/04/25_13:56:32.503 debug um_db_stat[9070]: um_query_stat_dump_device_record,391: time cost:0.000245s
2017/04/25_13:58:14.935 info fds_svrd[8171]: Start fds client session to '96.45.33.91:443', task = SELPOLL
2017/04/25_13:58:17.935 error fds_svrd[8171]: FCP_CONN error
2017/04/25_13:58:17.935 info fds_svrd[8171]: Check update with fds 96.45.33.91 FAIL <=failing to connect to FDS server "96.45.33.91:443"
2. Routing issue was found.fixed it and run "diag fmupdate view-linkd-log fds" again.
2017/04/25_14:00:15.907 info fds_svrd[8171]: Start fds client session to '61.204.170.252:443', task = SELPOLL
2017/04/25_14:00:15.923 info fds_svrd[8171]: FCP_CONN:: connect to server 10.130.9.2:47044 -> 61.204.170.252:443
2017/04/25_14:00:15.972 info fds_svrd[8171]: [FMG-->FDS] Request: Protocol=4.0|Command=SelectivePoll|Firmware=FMG200D-FW-5.4-1151|
SerialNumber=FM200D3A15000307|Persistent=false|DataItem=01000000CATL00000-00000.00000-0000000000*00000000FDNI00000-00000.00000-0000000000
*04000000OBLT00000-00000.00000-0000000000*03001000SRUL00000-00000.00000-0000000000*03001000BREG00000-00000.00000-0000000000*01000000BLDV000
-00000.00000-0000000000*01000000OBJL00000-00000.00000-0000000000|AcceptDelta=1|ContractItem=FG1K5D3I15802393*FG3K6C3A15800039*FM200D3A15000
*FSA1KD3A15000218*FW90DP3Z14001225*FW90DP3Z14001234*FM200D3A15000307^M ^M
2017/04/25_14:00:16.049 info fds_svrd[8171]: FCP_CONN:: receiving package: num_objects=7 total_size=15568
2017/04/25_14:00:16.049 info fds_svrd[8171]: FCP_CONN:: received object: id=00000000FCPR00000 ver=00000.00000-1704250500 size=288
2017/04/25_14:00:16.049 info fds_svrd[8171]: [FDS-->FMG] Response: Protocol=4.0|Response=200|Firmware=FPT033-FW-6.1-0006|SerialNumber=
FPT-FDS-DELL0016|Server=FDSG|Persistent=false|ResponseItem=01000000CATL00000:204*00000000FDNI00000:200*04000000OBLT00000:200*03001000SRUL00000
:200*03001000BREG00000:200*01000000BLDV00000:204*01000000OBJL00000:200^M ^M
2017/04/25_14:00:16.049 info fds_svrd[8171]: FCP_CONN:: received object: id=03001000FSSI00000 ver=00000.00000-1704250500 size=408
2017/04/25_14:00:16.069 info fds_svrd[8171]: FCP_CONN:: received object: id=00000000FDNI00000 ver=00000.00000-1704192022 size=480
2017/04/25_14:00:16.304 info fds_svrd[8171]: FCP_CONN:: received object: id=04000000OBLT00000 ver=00000.00000-1704250458 size=10488
2017/04/25_14:00:16.304 info fds_svrd[8171]: FCP_CONN:: received object: id=03001000SRUL00000 ver=00000.00000-1704192031 size=1328
2017/04/25_14:00:16.304 info fds_svrd[8171]: FCP_CONN:: received object: id=03001000BREG00000 ver=00000.00000-1702211958 size=1448
2017/04/25_14:00:16.304 info fds_svrd[8171]: FCP_CONN:: received object: id=01000000OBJL00000 ver=00000.00000-1704191737 size=232
2017/04/25_14:00:16.441 info fds_svrd[8171]: __process_OBLT: has NO updates
2017/04/25_14:00:16.443 info fds_svrd[8171]: Check update with fds 61.204.170.252 SUCCESS <=succeeded to connect to FDS server "61.204.170.252"
The following command indicates the starting point where the first FQDN server is contacted, and upon successful connection, the entire list of FDS servers is obtained:
FMG-560-561-562_M # diag fmupdate view-serverlist fds
Fortiguard Server Comm : Enabled
Server Override Mode : Loose
FDS server list :
Index Address Port TimeZone Distance Source
------------------------------------------------------------------------------------------------------
*0 fds1.fortinet.com 443 1 0 DEFAULT
<snip>
2018/03/19_09:16:50.887 info fds_svrd[10499]: Check update with fds fds1.fortinet.com SUCCESS
2018/03/19_09:16:50.887 info fds_svrd[10499]: Start fds client session to '62.209.40.78:443', task = POLL svc=0
<snip>
FMG-560-561-562_M # diag fmupdate view-serverlist fds
Fortiguard Server Comm : Enabled
Server Override Mode : Loose
FDS server list :
Index Address Port TimeZone Distance Source
------------------------------------------------------------------------------------------------------
*0 62.209.40.78 443 1 0 FDNI
1 96.45.33.90 443 0 1 FDNI
2 96.45.33.85 443 0 1 FDNI
3 96.45.33.82 443 0 1 FDNI
4 96.45.33.81 443 0 1 FDNI
5 96.45.33.80 443 0 1 FDNI
6 96.45.33.89 443 -5 6 FDNI
7 65.210.95.242 443 -5 6 FDNI
8 65.210.95.241 443 -5 6 FDNI
9 209.222.136.8 443 -5 6 FDNI
10 209.222.136.7 443 -5 6 FDNI
11 209.222.136.22 443 -5 6 FDNI
12 173.243.138.77 443 -5 6 FDNI
13 173.243.138.76 443 -5 6 FDNI
14 173.243.138.75 443 -5 6 FDNI
15 173.243.138.71 443 -5 6 FDNI
16 173.243.138.70 443 -5 6 FDNI
17 173.243.138.69 443 -5 6 FDNI
18 96.45.33.91 443 9 8 FDNI
19 173.243.138.80 443 9 8 FDNI
20 173.243.138.79 443 9 8 FDNI
21 173.243.138.78 443 -8 9 FDNI
22 173.243.138.74 443 -8 9 FDNI
23 173.243.138.73 443 -8 9 FDNI
24 173.243.138.72 443 -8 9 FDNI
25 173.243.138.68 443 -8 9 FDNI
26 173.243.138.67 443 -8 9 FDNI
27 173.243.138.66 443 -8 9 FDNI
28 fds1.fortinet.com 443 1 0 DEFAULT
FMG-560-561-562_M #
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.