The user can face the following error messages in the FortiManager/FortiAnalyzer Alert Console Message widget or Event Logs:

service:FGD, connect server 'addr:X.X.X.X, port:443, tz:-5, distance:0, src:DEFAULT' failed, reason='Connect error.

service:FCT, connect server 'addr:usforticlient.fortinet.net, port:443, tz:-5, distance:0, src:DEFAULT' failed, reason='Connect error.

2025-01-12 15:16:18 tz="+0000" log_id=0017026026 type=event subtype=fgd pri=information desc="Connect FortiGuard server failed" msg="service:geoip, connect server 'addr:X.X.X.X, port:443, tz:-5, distance:6, src:FDNI' failed, reason='Connect error" operation="FGD UPPULL" performed_on="Y.Y.Y.Y" changes="" user="fgdlinkd"

2025-01-12 14:58:28 tz="+0000" log_id=0017026026 type=event subtype=fgd pri=information desc="Connect FortiGuard server failed" msg="service:FCT, connect server 'addr:usforticlient.fortinet.net, port:443, tz:1, distance:0, src:DEFAULT' failed, reason='Connect error" operation="FDS UPPULL"

Such error logs are present when FortiManager/FortiAnalyzer is unable to reach the public FortiGuard server via the open Internet or proxy.

In the event there are no inherent connectivity issues between FortiManager/FortiAnalyzer and FortiGuard servers, the user may consider enabling FortiManager/FortiAnalyzer to contact global FortiGuard servers, instead of being restricted to FortiGuard servers only in the USA (default).

config system global

    set usg disable <----- Enabled by default.
end

Apply the following commands in the FortiManager/FortiAnalyzer CLI to validate the reachability to FortiGuard after the change to the Global FortiGuard server:

exe ping fds1.fortinet.com

diagnose fmupdate view-serverlist fds

diagnose fmupdate view-serverlist fgd

diagnose fmupdate dbcontract

diagnose fmupdate view-linkd-log fds