Troubleshooting Tip: How to troubleshoot issue related to FortiManager/FortiAnalyzer and FortiGuard connectivity

jasonhong · ‎09-02-2025

Description

This article describes how to troubleshoot issues related to FortiManager/FortiAnalyzer and FortiGuard connectivity.

Scope

FortiManager, FortiAnalyzer.

Solution

The user can face the following error messages in the FortiManager/FortiAnalyzer Alert Console Message widget or Event Logs:

service:FGD, connect server 'addr:X.X.X.X, port:443, tz:-5, distance:0, src:DEFAULT' failed, reason='Connect error.

service:FCT, connect server 'addr:usforticlient.fortinet.net, port:443, tz:-5, distance:0, src:DEFAULT' failed, reason='Connect error.

2025-01-12 15:16:18 tz="+0000" log_id=0017026026 type=event subtype=fgd pri=information desc="Connect FortiGuard server failed" msg="service:geoip, connect server 'addr:X.X.X.X, port:443, tz:-5, distance:6, src:FDNI' failed, reason='Connect error" operation="FGD UPPULL" performed_on="Y.Y.Y.Y" changes="" user="fgdlinkd"

2025-01-12 14:58:28 tz="+0000" log_id=0017026026 type=event subtype=fgd pri=information desc="Connect FortiGuard server failed" msg="service:FCT, connect server 'addr:usforticlient.fortinet.net, port:443, tz:1, distance:0, src:DEFAULT' failed, reason='Connect error" operation="FDS UPPULL"

Such error logs are present when FortiManager/FortiAnalyzer is unable to reach the public FortiGuard server via the open Internet or proxy.

In the event there are no inherent connectivity issues between FortiManager/FortiAnalyzer and FortiGuard servers, the user may consider enabling FortiManager/FortiAnalyzer to contact global FortiGuard servers, instead of being restricted to FortiGuard servers only in the USA (default).

config system global

set usg disable <----- Enabled by default.
end

Troubleshooting Tip: How to troubleshoot issue related to FortiManager/FortiAnalyzer and FortiGuard connectivity

You are leaving our website