Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Rroy
New Contributor

FortiCare unreachable

After I unassign Fortitoken, this token shows locked that I can't assign it to others, I tried to unlock it but it shows as Error in CTL, I found that all my Fortitoken can't be assigned or imported because FortiCare unreachable, and my settings don't have "fortiguard-anycast & protocol", please help me. FortiGate 

 

Rroy_0-1655518151597.png

Rroy_1-1655518164395.png

 

Rroy_2-1655518182158.pngRroy_3-1655518203720.png

 

8 REPLIES 8
Anthony_E
Community Manager
Community Manager

Hello Rroy,

 

Thank you for using the Community Forum.

 

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards

Anthony-Fortinet Community Team.
Debbie_FTNT
Staff
Staff

Hey Rroy,

do you still have issues with assigning tokens?

Regarding the anycast/protocol settings, they are only available in higher firmware versions (assuming you are on 5.4 as your post is tagged).

If the issue is still persisting, you might want to consider opening a ticket with Fortinet Technical Support for assistance with digging into the connection between FortiGate and the FortiToken servers.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Rroy

Hi Debbie

 

The issue still remains, where do I go to create a ticket?

 

knaveenkumar
Staff
Staff

please provide the below commands 

Putty1:

dia debug app update -1 

dia de en 

 

execute update-now 

 

Putty2:

========

dia sniffer packet any "host x.x.x.x " 4 0 a 

x.x.x.x ip address generating putty1 

 

Please share both logs and give us update.

-Naveen  

Rroy

Rroy_0-1655774454092.png

Rroy_1-1655776209555.pngRroy_2-1655776295664.png

 

Hi Naveen 

 

 Please check the picture above, when I use a foreign IP this test will be very slow, location China.

Cloudmax-Penny
New Contributor

Hello:

We also get the same problem after changing user's token infomation.

We had tried this posted info and it might get the following messages.

 

 

fds_https.c[593] fds_ctx_set_addr: server: 173.243.138.67:443
fds_svr_core.c[169] fds_svr_default_pickup_server: fdni: 173.243.138.67:443
fds_command.c[300] fds_send_reply: Sending 736 bytes data.
fds_command.c[324] fds_send_reply: send reply failed: req-1, Connection refused
fds_command.c[920] upd_parse_res: no IMLT object in response

ftm_fc_command[492]:forticare [directregistration.fortinet.com:443] unreachable

 

 

 

We can ping to directregistration.fortinet.com from our fortigate.

We have 3 Fortigate 310B and they also have fortitoken license.

The original token has shown the locked status and can't change status in CLI.

Please help us to resolve the problem.

Thanks.

2022-06-27_180239.png

warshad
Staff
Staff

Dear Roy,

 

Please be aware that 5.4 is out of support. The same goes actually for the 5.6 and in September the 6.0 will also be end of support. Please plan an upgrade.

 

The Anycast related changes were implemented in the 6.4.3

 

Waqas Arshad
Fortinet
twalk
New Contributor

Did Upgrading the firmware fix this issue?