Hi, guys,
My Forti600E cannot access FortiGuard servers (for device registration or any Fortinet services). The network infrastructure is:
The Forti600E has a few network links:
1. The device is using Fortinet DNS services: 208.91.112.53 & 208.91.112.52
2. The default route (0.0.0.0/0.0.0.0) can point to the internal network.
3. The routes to Fortinet DNS services are implicitly defined, as in the following route table:
Forti600E-01 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 10.0.0.250, port2
C       10.0.0.248/30 is directly connected, port2
C       10.10.32.88/29 is directly connected, LL_10M
C       10.86.2.0/29 is directly connected, LeaseLine
C       10.101.1.0/24 is directly connected, mgmt
C       10.102.2.0/30 is directly connected, EXT_Zone
C       10.102.2.4/30 is directly connected, INT_Zone
S       10.131.1.23/32 [10/0] via 10.102.2.6, INT_Zone
S       10.171.4.127/32 [10/0] via 10.101.1.254, mgmt
                        [10/0] via 10.101.2.254, mgmt
C       100.100.100.100/32 is directly connected, port2
C       200.200.200.0/24 is directly connected, port2
S       208.91.112.52/32 [10/0] via 10.101.1.254, mgmt
S       208.91.112.53/32 [10/0] via 10.101.1.254, mgmt

Forti600E-01 #
Test results:
Forti600E-01 # get system dns
primary             : 208.91.112.53
secondary           : 208.91.112.52
dns-over-tls        : disable
ssl-certificate     : Fortinet_Factory
domain              :
ip6-primary         : ::
ip6-secondary       : ::
timeout             : 5
retry               : 2
dns-cache-limit     : 5000
dns-cache-ttl       : 1800
cache-notfound-responses: disable
source-ip           : 0.0.0.0
interface-select-method: auto

Forti600E-01 #

Forti600E-01 # exe ping 208.91.112.52
PING 208.91.112.52 (208.91.112.52): 56 data bytes
64 bytes from 208.91.112.52: icmp_seq=0 ttl=49 time=233.8 ms
64 bytes from 208.91.112.52: icmp_seq=1 ttl=49 time=233.7 ms
64 bytes from 208.91.112.52: icmp_seq=2 ttl=49 time=233.7 ms
64 bytes from 208.91.112.52: icmp_seq=3 ttl=49 time=233.8 ms
64 bytes from 208.91.112.52: icmp_seq=4 ttl=49 time=233.8 ms

--- 208.91.112.52 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 233.7/233.7/233.8 ms

Forti600E-01 # exe ping 208.91.112.53
PING 208.91.112.53 (208.91.112.53): 56 data bytes
64 bytes from 208.91.112.53: icmp_seq=0 ttl=49 time=237.3 ms
64 bytes from 208.91.112.53: icmp_seq=1 ttl=49 time=237.2 ms
64 bytes from 208.91.112.53: icmp_seq=2 ttl=49 time=237.3 ms
64 bytes from 208.91.112.53: icmp_seq=3 ttl=49 time=237.3 ms
64 bytes from 208.91.112.53: icmp_seq=4 ttl=49 time=237.3 ms

--- 208.91.112.53 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 237.2/237.2/237.3 ms

Forti600E-01 #
But the Forti600E cannot connect to FortiGuard servers (WAN IP is unknown), as shown in the attachment. Any recommendations?
Many thanks in advance.