FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
lucianag22
Staff
Article Id 344713
Description

This article describes how to troubleshoot the error "Update failed" when trying to download FortiGuard malware domains, IPs, and URLs.

The following error is shown in the GUI, and the error log below is generated in the app server Phoenix log:

[Screenshot: IOCUpdateFailed.PNG]

    tail -f /opt/glassfish/domains/domain1/logs/phoenix.log | grep FORTIGUARD_IOC

[PHScheduler_Worker-15] ERROR com.ph.phoenix.service.integration.ioc.IOCIntegrationService - [PH_APPSERVER_FORTIGUARD_IOC_INTEGRATION_ERROR]:[phCustId]=1,[eventSeverity]=PHL_ERROR,[phEventCategory]=3,[errorCode]=3,[procName]=AppServer,[phLogDetail]=No SSL Connect

Scope

Supervisor.
Solution
  1. Connect to the Supervisor by SSH and run the following command to check whether there is a valid IOC license.

    phLicenseTool --show

  2. Check whether the error No SSL Connection appears in the app server log:

    tail -f /opt/glassfish/domains/domain1/logs/phoenix.log | grep FORTIGUARD_IOC

  3. Check whether FortiSIEM can resolve update.fortiguard.net and reach it on port 443:

    dig update.fortiguard.net

  4. Check whether the file /etc/hosts has a specific entry for update.fortiguard.net that resolves this domain to a different IP than the previous result.

  5. This is usually a communication error. Run a tcpdump to check whether FortiSIEM can reach update.fortiguard.net without any restriction. Note that the firewall policy used to reach update.fortiguard.net should not use an SSL inspection profile.

    tcpdump host update.fortiguard.net and dst port 443 -w fortiguard.pcap

  6. If the issue persists after checking Internet access from the Supervisor, open a ticket with technical support and provide the output of the commands and fortiguard.pcap.
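
The dig and /etc/hosts checks in the procedure above can be combined into one comparison. The script below is an added example, not part of the original article or of any Fortinet tooling; the function names hosts_entries, check_override and demo, and the sample addresses, are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the article): flag hosts-file entries that pin a
# name to an address the DNS answer does not contain.

# Print every address a hosts file maps to NAME.
# Skips comments, checks aliases, and matches names case-insensitively.
hosts_entries() {   # usage: hosts_entries NAME [HOSTS_FILE]
  awk -v name="$1" '
    BEGIN { name = tolower(name) }
    { sub(/#.*/, "") }                  # drop full-line and trailing comments
    NF >= 2 {
      for (i = 2; i <= NF; i++)
        if (tolower($i) == name) { print $1; break }
    }' "${2:-/etc/hosts}"
}

# Print one OVERRIDE line per hosts-file address missing from DNS_IPS
# (newline-separated, e.g. the output of dig +short). Returns 1 if any found.
check_override() {  # usage: check_override NAME DNS_IPS [HOSTS_FILE]
  local name="$1" dns_ips="$2" file="${3:-/etc/hosts}" ip rc=0
  for ip in $(hosts_entries "$name" "$file"); do
    if ! printf '%s\n' "$dns_ips" | grep -qxF -- "$ip"; then
      echo "OVERRIDE $name -> $ip (not in DNS answer)"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample data (documentation address ranges, not real FortiGuard IPs).
demo() {
  local f rc=0
  f=$(mktemp)
  printf '%s\n' '127.0.0.1 localhost' \
    '# 192.0.2.99 update.fortiguard.net   (commented out, ignored)' \
    '192.0.2.10 fds.example Update.FortiGuard.net  # stale pin' > "$f"
  check_override update.fortiguard.net "$(printf '198.51.100.7\n198.51.100.8')" "$f" || rc=$?
  rm -f "$f"
  return "$rc"
}

# Live use on the Supervisor (dig as used in the article):
#   check_override update.fortiguard.net "$(dig +short update.fortiguard.net)"
```

An OVERRIDE line means the Supervisor connects to the pinned address rather than the one DNS returns, so the tcpdump capture should be read with that address in mind.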

Related documents:

Troubleshooting Tip: Updating Content Fails With FDS Connection error: No SSL Connection (code=3) 

Working with FortiGuard IOCs 

Comments
cmartinez1
Staff

Thank you very much for the information, it was very helpful.