Help
FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
jankit6
Staff
Staff

Created on ‎03-02-2023 05:40 AM Edited on ‎12-01-2025 02:36 AM By Staff

Article Id 247852

Troubleshooting Tip: Troubleshoot licensing issue in FortiSOAR

Description This article helps to troubleshoot the license-related issues in FortiSOAR GUI login.
Scope All supported versions of FortiSOAR.
Solution

The most common error on the GUI login with the licensing is 'FSR-Auth-003: License Entitlement Sync failed. Ensure that https://globalupdate.fortinet.net is accessible from your environment. If the issue still persists, contact support.'

 

image.png

 

It could be due to multiple reasons:

  1. Make sure the FortiSOAR license server is reachable from the FortiSOAR box:

 

curl -v -k https://globalupdate.fortinet.net

 

  1. Disable SSL inspection at Proxy for https://globalupdate.fortinet.net. It is important to note that FortiSOAR does server certificate verification when connecting to the update server; this can fail when SSL inspection is enabled at proxy, since the server certificate will be changed. To verify what certificate is presented during SSL negotiation:

    openssl s_client -connect globalupdate.fortinet.net:443 -showcerts

In case disabling SSL inspection is not possible, it is possible to import the correct CA issues for the proxy inspection. Refer to: Licensing FortiSOAR

  1. The following command can also be used to test the connectivity with the licensing server.

 

java -jar /opt/cyops-auth/bin/fdnclient.jar <serial_no> <device_uuid> https://globalupdate.fortinet.net

 

If the global update is reachable via Proxy only, then export the below variables before running the above command to test the connectivity:


export url=<proxy ip/fqdn>

export port=<proxy port>

export username=<proxy user>

export password=<password>

 

  1. In the case of the Docker environment:  URL, port, username, and password must be set in 'docker-compose YAML environment' and '/etc/environment'.

 

"docker environment"
url=<proxy ip/fqdn>
port=<...>


And:

 

"/etc/environment"
export url=<proxy ip/fqdn>
export port=<proxy port>
export username=<proxy user>
export password=<password>

 

Note:

Nginx listens 443 SSL must not be changed due to internal API calls.

 

  1. In case there is a firewall policy or IP filtering for the outbound traffic, the policy should allow the source address of FortiSOAR to the destination FQDN of globalupdate.fortinet.net
  2. For more details, review the logs below:

 

/var/log/cyops/cyops-auth/das.log
Labels:
2343
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.