FortiSwitch
tkanneganti
Staff
Article Id 227170
Description This article describes how to fix an issue where FortiSwitch shows as offline on the FortiLAN cloud account despite being active.
Scope FortiSwitch 22.x.
Solution

To manage FortiSwitch with a FortiLAN cloud configuration, refer to page 12 of the FortiSwitch OS Administration Guide.

 

The FortiSwitch should be registered and have ports 5246, 5247, and 443 opened in the network. Sometimes, even when the FortiSwitch is registered under FortiCare and has these ports open, the FortiSwitch still shows offline on the FortiLAN cloud portal.

 

It is possible to check the connection status of FortiLAN Cloud from the switch:

 

get system flan-cloud

get system flan-cloud-mgr connection-info

 

One possible cause is an SSL setup failure due to an incorrect time on the FortiSwitch. Ensure the time is correct on the FortiSwitch so that the certificate exchange between FortiLAN Cloud and the FortiSwitch can complete.

Make sure NTP is synchronized.

 

diagnose sys ntp status

 

An SSL setup failure can be identified by using the following commands on the FortiSwitch:

 

diagnose debug application flan-mgr -1
diagnose debug console timestamp enable
diagnose debug enable

 

To stop the log, use the following commands:

 

diagnose debug disable
diagnose debug application flan-mgr 0

 

If an SSL setup failure occurred, the logs display information similar to the following:


1970-01-23 11:54:29 load_and_verify_certificate:514: Exiting ...
1970-01-23 11:54:29 create_ssl_conn_obj_for_access_server:669: [SID: -1] SSL_Connect(fd:9) error code=1, unspecified certificate verification error
1970-01-23 11:54:29 create_ssl_conn_obj_for_access_server:692: Exiting ..rcode=0
1970-01-23 11:54:29 flan_mgr_setup_ssl_conn:728: [SID: -1] SSL object creation failed
1970-01-23 11:54:29 flan_mgr_setup_ssl_conn:771: Exiting ...(rcode=0)
1970-01-23 11:54:29 __switch_state_join_enter:160: SSL setup unsuccessful (event=EV_JOIN_START).
1970-01-23 11:54:29 flan_mgr_fsm_state_transition:355: Entering ...state=FLAN_MGR_STATE_JOIN, event=EV_JOIN_FAILED

 

In this log, the SSL setup fails because the time on the FortiSwitch is incorrect, which prevents validation of the certificate. Correct the time configuration on FortiSwitch to allow it to show as online on FortiLAN Cloud.

See page 47 of the FortiSwitch OS Administration Guide for instructions on how to correct the time configuration.
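
The following is an added example, not part of the original article or of any Fortinet tooling: a Python triage of saved flan-mgr debug output that flags the certificate verification failure and measures how far the logged timestamps are from a trusted reference clock. The function name triage, the one-day skew threshold, and the reference time are assumptions.

```python
import re
from datetime import datetime

# Lines taken from the sample debug output in this article.
ARTICLE_LOG = """\
1970-01-23 11:54:29 create_ssl_conn_obj_for_access_server:669: [SID: -1] SSL_Connect(fd:9) error code=1, unspecified certificate verification error
1970-01-23 11:54:29 flan_mgr_setup_ssl_conn:728: [SID: -1] SSL object creation failed
1970-01-23 11:54:29 __switch_state_join_enter:160: SSL setup unsuccessful (event=EV_JOIN_START).
1970-01-23 11:54:29 flan_mgr_fsm_state_transition:355: Entering ...state=FLAN_MGR_STATE_JOIN, event=EV_JOIN_FAILED
"""

# "<date> <time> <function>:<source line>: <message>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+):(\d+): (.*)$")


def triage(log_text, reference_time, max_skew_days=1):
    """Summarise SSL join failures and how far the switch clock is from reference_time."""
    result = {"cert_verify_error": False, "ssl_setup_failed": False,
              "join_failed": False, "clock_skew_days": None, "likely_cause": None}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip banners, prompts and wrapped lines
        stamp, _func, _src_line, msg = m.groups()
        ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        skew = abs(reference_time - ts).days
        if result["clock_skew_days"] is None or skew > result["clock_skew_days"]:
            result["clock_skew_days"] = skew
        if "certificate verification error" in msg:
            result["cert_verify_error"] = True
        if "SSL object creation failed" in msg or "SSL setup unsuccessful" in msg:
            result["ssl_setup_failed"] = True
        if "EV_JOIN_FAILED" in msg:
            result["join_failed"] = True
    if result["cert_verify_error"]:
        skewed = result["clock_skew_days"] > max_skew_days
        # A certificate is rejected when the local clock falls outside its validity window.
        result["likely_cause"] = "switch-clock" if skewed else "not-clock"
    return result


if __name__ == "__main__":
    # Assumed reference: the analyst workstation's NTP-synced clock.
    print(triage(ARTICLE_LOG, datetime.now()))
```

A result of "not-clock" means the timestamps are plausible, so the certificate failure has a cause other than the one this article covers.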