FortiNDR (on-premise)
On-premise deployment, where the solution processes and stores data on the customer's network. Supports NetFlow and OT deployments.
ssriswadpong
Staff & Editor
Article Id 408085
Description This article provides commands for troubleshooting FortiGuard-related communications initiated by FortiNDR, along with sample command outputs.
Scope FortiNDR.
Solution

Check DNS settings, FortiGuard settings, and route configuration:

 

get system dns

get system fortiguard update

get system fortiguard webfilter

get system route <ID>


FortiNDR-VM-KVM # get system dns
Last Update Time :
primary : 208.91.112.53
secondary : 208.91.112.52
private-ip-query : disable
cache : enable
truncate-handling : tcp-retry
protected-domain-dns-state: disable
protected-domain-dns-servers:
cache-min-ttl : 300

FortiNDR-VM-KVM # get system fortiguard update
Last Update Time :
scheduled-update-status: disable
scheduled-update-frequency: every
scheduled-update-day: 0
scheduled-update-time: 1:60
override-server-status: disable
override-include-default-servers: enable
override-server-main-port: 443
override-server-address-main: 0.0.0.0
override-server-alt-port: 443
override-server-address-alt: 0.0.0.0
anycast-status : enable
tunneling-status : disable
tunneling-address : 0.0.0.0
tunneling-port : 0
tunneling-username :
tunneling-password : *

 

FortiNDR-VM-KVM # get system fortiguard webfilter
Last Update Time :
status : enable
cache-status : disable
cache-ttl : 300
cache-mpercent : 2
query-timeout : 7
server-override-status: disable
server-override-ip :
hostname : service.fortiguard.net
port : 53

 

FortiNDR-VM-KVM # get system route 1
<No.> : 1
destination : 0.0.0.0/0
gateway : 10.47.15.254
interface : port1


Check connectivity to the FortiGuard servers with ping, which also confirms that FortiNDR resolves DNS names correctly:

 

execute ping update.fortiguard.net

execute ping service.fortiguard.net

execute ping globalguardservice.fortinet.net

 

Check the FDS server list:

 

diagnose fds list

 

FortiNDR-VM-KVM # diagnose fds list
System Time: 2025-08-25 16:21:14 ICT (Uptime: 40d 21h 14m)
FDS Anycast servers: Enabled
FDS Update Server Override: Disabled

Current Default FortiGuard Update Server IPs:
210.7.96.19:443
149.5.232.36:443
140.174.22.36:443

Current Alternative FortiGuard Update Server IPs:
globalupdate.fortinet.net

 

Debug application update, and trigger update now:

 

diagnose debug application updated 7
diagnose debug enable
execute update now


FortiNDR-VM-KVM # diagnose debug application updated 7
System Time: 2025-08-25 16:40:19 ICT (Uptime: 0d 0h 4m)

FortiNDR-VM-KVM # diagnose debug enable
System Time: 2025-08-25 16:40:21 ICT (Uptime: 0d 0h 4m)

FortiNDR-VM-KVM # execute update now
Update will be done in the background

 

FortiNDR-VM-KVM # 08.25-16:40:25 upd_daemon.c[1025] upd_daemon-Received update now request
08.25-16:40:25 upd_daemon.c[384] do_update-Starting now UPDATE (final try)
08.25-16:40:25 upd_cfg_api.c[176] upd_cfg_get_host6_by_name-Failed to get ipv6 address for fai.fortinet.net
08.25-16:40:25 upd_comm.c[668] upd_comm_connect_fds-Trying FDS 210.7.96.19:443
08.25-16:40:26 upd_comm.c[480] __upd_peer_vfy-Server certificate OK.
08.25-16:40:26 upd_comm.c[480] __upd_peer_vfy-Server certificate OK.
08.25-16:40:27 upd_pkg.c[174] pack_obj-Packing obj=Protocol=3.0|Command=SelectiveUpdate|Firmware=FAIKVM-FW-7.6-642|SerialNumber=FAIVMSTM25000999|UpdateMethod=0|AcceptDelta=1|Uid=ffc6e65d68c9144eb0d9f77042c32a61|DataItem=00000000FCNI00000-00000.00000-0000000000*00000000FDNI00000-00000.00000-0000000000*01000000FSCI00100-00000.00000-0000000000*04000000OBLT00000-00000.00000-0000000000

 

08.25-16:40:27 upd_pkg.c[277] get_fcpr_rsp_code-Unpacked obj:
Protocol=3.0|Response=200|Firmware=FPT033-FW-6.9-0250|SerialNumber=FPT-FAI-DELL0701|Server=FDSG|Persistent=false|ResponseItem=00000000FCNI00000:200*00000000FDNI00000:200*04000000OBLT00000:200*01000000FSCI00100:200
08.25-16:40:27 upd_install.c[1451] installUpdatePackage-install update package: update freezy expiry 0,1756114827
08.25-16:40:27 upd_install.c[927] doInstallUpdatePackage-doInstallUpdatePackage: update 5 packages

 

...

 

08.25-16:46:28 upd_fai.cpp[5975] processIOTSMergeFiles-iots installed version from [3.04409] to [3.08505]
08.25-16:46:28 upd_fai.cpp[5985] processIOTSMergeFiles-setting iots ver to 3.8505
08.25-16:46:28 upd_fai.cpp[5990] processIOTSMergeFiles-OPTIMIZE iots table
08.25-16:50:34 upd_fai.cpp[5998] processIOTSMergeFiles-OPTIMIZE iots table complete
08.25-16:50:34 upd_fai.cpp[6015] processIOTSMergeFiles-we need more iots packages
08.25-16:50:34 upd_fai.cpp[6019] processIOTSMergeFiles-merge iots delta files to iots db complete
08.25-16:50:35 upd_install.c[1816] upd_install_pkg-Installs delta files of IoT Single DB. Needs more packages
08.25-16:50:35 upd_status_api.c[32] upd_status_save_status-try to save on status file
08.25-16:50:35 upd_status_api.c[81] upd_status_save_status-Wrote status file
08.25-16:50:35 upd_act.c[316] __upd_act_update-Package installed. Wait for more packages
08.25-16:50:35 upd_comm.c[719] upd_comm_disconnect_fds-Disconnecting FDS 173.243.140.6:443
08.25-16:50:35 upd_comm.c[668] upd_comm_connect_fds-Trying FDS 173.243.140.6:443
08.25-16:50:35 upd_comm.c[480] __upd_peer_vfy-Server certificate OK.
08.25-16:50:35 upd_comm.c[480] __upd_peer_vfy-Server certificate OK.
08.25-16:50:35 upd_comm.c[480] __upd_peer_vfy-Server certificate OK.
08.25-16:50:35 upd_comm.c[375] check_ocsp_resp-OCSP status good
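
An added example (not part of the original article and not Fortinet tooling): a small Python parser for the `diagnose debug application updated 7` output shown above. It rejoins wrapped records and extracts the FDS servers tried, the certificate and OCSP results, and the response codes; the sample input is constructed from lines in this article, and the function names are this example's own.

```python
import re

# Constructed sample, modelled on the "updated" daemon debug lines in this article.
SAMPLE = """\
08.25-16:40:25 upd_daemon.c[384] do_update-Starting now UPDATE (final try)
08.25-16:40:25 upd_comm.c[668] upd_comm_connect_fds-Trying FDS 210.7.96.19:443
08.25-16:40:26 upd_comm.c[480] __upd_peer_vfy-Server certificate OK.
08.25-16:40:27 upd_pkg.c[277] get_fcpr_rsp_code-Unpacked obj:
Protocol=3.0|Response=200|Server=FDSG|Persistent=false|
ResponseItem=00000000FCNI00000:200*00000000
FDNI00000:200*01000000FSCI00100:200
08.25-16:50:35 upd_comm.c[375] check_ocsp_resp-OCSP status good
"""

REC = re.compile(r"^(\d\d\.\d\d-\d\d:\d\d:\d\d) (\S+?)\[(\d+)\] ([A-Za-z_0-9]+)-(.*)$")

def parse_records(text):
    """Return [(time, func, message)], gluing wrapped continuation lines back on."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^\S+ # ", "", line.strip())  # drop a CLI prompt prefix
        if not line or line == "...":
            continue
        m = REC.match(line)
        if m:
            records.append([m.group(1), m.group(4), m.group(5)])
        elif records:
            records[-1][2] += line  # continuation of a wrapped record
    return [tuple(r) for r in records]

def summarize(text):
    """Collect the fields worth checking when an update does not complete."""
    out = {"fds_tried": [], "cert_ok": 0, "ocsp": None, "response": None, "items": {}}
    for _, func, msg in parse_records(text):
        if func == "upd_comm_connect_fds" and msg.startswith("Trying FDS "):
            out["fds_tried"].append(msg[len("Trying FDS "):])
        elif func == "__upd_peer_vfy" and msg.startswith("Server certificate OK"):
            out["cert_ok"] += 1
        elif func == "check_ocsp_resp":
            out["ocsp"] = msg
        elif func == "get_fcpr_rsp_code":
            fields = dict(f.split("=", 1) for f in msg.split("|") if "=" in f)
            out["response"] = fields.get("Response")
            for item in fields.get("ResponseItem", "").split("*"):
                if ":" in item:
                    obj, code = item.rsplit(":", 1)
                    out["items"][obj] = code  # per-object code from ResponseItem
    return out
```

A capture with `Trying FDS` entries but no `Server certificate OK` or `Response=` record points at the network path or TLS inspection between FortiNDR and FortiGuard rather than at the update packages themselves.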