FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
ckarwei
Staff
Article Id 198648

Description


This article describes how to verify and troubleshoot FortiGuard connectivity on FortiManager.

Anti-virus updates are used as an example.

 

Scope

 

FortiManager.

Solution

 

The terminology used in this document:

  • FDS = FortiGate AV/IPS.
  • FGD = FortiGate Web-/Email filter.
  • AV = Anti-Virus.
  • IPS = Intrusion Prevention System.
  • WF = Web-Filtering.
  • AS = Anti-Spam.

 

  1. Ensure that FortiManager is able to populate the product support coverage of the managed firewall.
    Go to FortiGuard -> License Status.

 
  2. Ensure that FortiGuard communication is enabled.
The AntiVirus and IPS Service needs to be 'ON', and the FortiGate/FortiMail/FortiSandbox/FortiClient/FortiSwitch versions have to be checked.
 
 
 
  3. Verify that service access for FortiGate Updates (FDS) or Web Filtering (FGD) is enabled on the FortiManager management interface.
Managed units will not be able to get updates if it is not enabled.
 
 

 
  4. Check the FDS server list.
 
From CLI, use the command below:
 
diagnose fmupdate view-serverlist fds



 
Note that (*) on 96.45.33.87 means this is the currently active FDS server.
FortiManager will use the next available server, 173.243.138.92, if it fails to connect to 96.45.33.87.

  5. Verify the connectivity using a packet sniffer.

diagnose sniffer packet any "host <current fds server> and port 443"

 

  6. Check the FDS connectivity log with the command below:

diagnose fmupdate view-linkd-log fds

2020/10/13_20:46:14.608 info    fds_svrd[32057]: Start fds client session to '96.45.33.87                :443', task = POLL svc=1
2020/10/13_20:46:15.509 info    fds_svrd[32057]: [FMG-->FDS] Request: Protocol=3.0|Command=Poll|Firmware=FMG-VM64-KVM-FW-6.04-2122|SerialNumber=FMG-VM0000000001|Persistent=false|AcceptDelta=0^M ^M
2020/10/13_20:46:16.580 info    fds_svrd[32057]: FCP_CONN:: receiving package: num_objects=3 total_size=1112
2020/10/13_20:46:16.580 info    fds_svrd[32057]: FCP_CONN:: received object: id=00000000FCPR00000 ver=00000.00000-2010130946 size=176
2020/10/13_20:46:16.580 info    fds_svrd[32057]: [FDS-->FMG] Response: Protocol=3.0|Response=200|Firmware=FPT033-FW-6.7-0121|SerialNumber=FPT-FCS-DELL0048|Server=FDSG|Persistent=false|ResponseItem=00000000FCNI00000:200*00000000FDNI00000:200^M ^M
2020/10/13_20:46:16.580 info    fds_svrd[32057]: FCP_CONN:: received object: id=00000000FCNI00000 ver=00000.00000-2001201850 size=88
2020/10/13_20:46:16.580 info    fds_svrd[32057]: FCP_CONN:: received object: id=00000000FDNI00000 ver=00000.00000-2008010807 size=464
2020/10/13_20:46:16.581 info    fds_svrd[32057]: Check update with fds 96.45.33.87                 SUCCESS

 

  7. Check the anti-virus version and release date/time.
    Compare with FortiGuard https://www.fortiguard.com/learnmore#av.
 
 

Perform a manual update with the command below:

 

diagnose fmupdate updatenow fds

 

Check the result of fmupdate updatenow with the command below, which shows the status of the latest update attempt and the data of the latest update:

 

diagnose fmupdate update-status fgd
Service=fgd|Response=202|UpdatedDate=2024-04-19|UpdatedTime=03:56:28|Status=-1|UpullErr=Connect error|UpullServer=208.184.237.64|TotalObjNum=7|CurrentObj=7|DownloadSize=5737|TotalPackageSize=5737
Service=fgfq|Response=202|Status=0|UpullErr=|UpullServer=null|TotalObjNum=0|CurrentObj=0|DownloadSize=0|TotalPackageSize=0
Service=geoip|Response=202|UpdatedDate=2024-04-10|UpdatedTime=21:23:32|Status=-1|UpullErr=Connect error|UpullServer=140.174.22.70|TotalObjNum=3|CurrentObj=3|DownloadSize=1301|TotalPackageSize=1301

diagnose fmupdate update-status fds
Service=FGT|Response=202|UpdatedDate=2024-04-17|UpdatedTime=16:54:01|LastSuccessDate=2024-04-17|LastSuccessTime=16:54:02|Status=-1|UpullStat=Disconnected|UpullErr=Connect error|UpullServer=208.184.237.68|TotalObjNum=1|CurrentObj=1|DownloadSize=248|TotalPackageSize=248

 


  8. Run the debug below if the FDS update still fails:

     
    diagnose debug application fdssvrd 255
    diagnose debug enable
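
The pipe-delimited records printed by diagnose fmupdate update-status can be checked automatically when the output is captured from several units. The following is an added example, not Fortinet code: it parses such records, rejoins a record that the terminal wrapped onto a second line, and lists services that report a pull error or a stale update. The function names, the staleness threshold, and the reading of a non-empty UpullErr as a failed pull are assumptions of this example.

```python
from datetime import date

# Constructed input in the format of the update-status output; the FGT record
# is split across two lines the way a terminal wrap would split it.
SAMPLE = """
diagnose fmupdate update-status fgd
Service=fgd|Response=202|UpdatedDate=2024-04-19|UpdatedTime=03:56:28|Status=-1|UpullErr=Connect error|UpullServer=208.184.237.64|TotalObjNum=7|CurrentObj=7
Service=fgfq|Response=202|Status=0|UpullErr=|UpullServer=null|TotalObjNum=0|CurrentObj=0
 diagnose fmupdate update-status fds
Service=FGT|Response=202|UpdatedDate=2024-04-17|UpdatedTime=16:54:01|Status=-1|UpullStat=Disconnected|UpullErr=Connect error|UpullServer=208.184.237.68|TotalObjN
um=1|CurrentObj=1|DownloadSize=248|TotalPackageSize=248
"""


def parse_status(text):
    """Return one dict per 'Service=' record, rejoining wrapped lines."""
    records, buf = [], ""
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last record
        line = raw.strip()
        starts_record = line.startswith("Service=")
        if not line or line.startswith("diagnose ") or starts_record:
            if buf:
                records.append(dict(kv.split("=", 1) for kv in buf.split("|") if "=" in kv))
            buf = line if starts_record else ""
        elif buf:
            buf += line  # continuation of a wrapped record
    return records


def failing_services(records, today, max_age_days=2):
    """List (service, reasons) for records with a pull error or a stale update.

    Assumptions of this example: a non-empty UpullErr means the last pull
    failed, and max_age_days is an arbitrary staleness threshold.
    """
    now = date.fromisoformat(today)
    findings = []
    for rec in records:
        reasons = []
        if rec.get("UpullErr"):
            reasons.append(f"{rec['UpullErr']} (server {rec.get('UpullServer')})")
        if "UpdatedDate" in rec:
            age = (now - date.fromisoformat(rec["UpdatedDate"])).days
            if age > max_age_days:
                reasons.append(f"last update is {age} days old")
        if reasons:
            findings.append((rec.get("Service"), reasons))
    return findings


if __name__ == "__main__":
    for service, reasons in failing_services(parse_status(SAMPLE), today="2024-04-20"):
        print(f"{service}: " + "; ".join(reasons))
```
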
     