Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Created on ‎06-15-2006 02:26 PM

Can not connect to update servers

Hi, I am having problems getting the Fortigate to update. First I had a dns problem which was easy to solve: 
 Thu Jun 15 21:56:11 2006 upd_cfg.c[57] upd_cfg_get_host_by_name-Failed to gethostbyname for fds1.fortinet.com
 Thu Jun 15 21:57:11 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
Using the right DNS server helped. now it says it can' t connect to the update servers: 
 Thu Jun 15 22:16:50 2006 upd_daemon.c[142] do_setup-Starting SETUP
 Thu Jun 15 22:17:50 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:17:50 2006 upd_act.c[159] upd_act_setup-Failed connecting to 206.191.24.180:443
 Thu Jun 15 22:18:54 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:18:54 2006 upd_act.c[159] upd_act_setup-Failed connecting to 212.95.252.127:443
 Thu Jun 15 22:19:56 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:19:56 2006 upd_act.c[159] upd_act_setup-Failed connecting to 217.26.196.37:443
I tried sniffing on the traffic but it returned nothing except my attempts from a local host(using telnet) to see if that could get through: 
 Fortigate-3000 # diagnose sniffer packet any " host  206.191.24.180 or host 65.61.202.129 or host 212.95.252.127 or host 217.26.196.37 or host 64.69.90.228 or host 65.39.139.195" 
 interfaces=[any]
 filters=[host  206.191.24.180 or host 65.61.202.129 or host 212.95.252.127 or host 217.26.196.37 or host 64.69.90.228 or host 65.39.139.195]
 nr=8192,fr=1680,b_nr=4096,pg=4096
 88.379541 10.95.250.87 -> 64.69.90.228: icmp: echo request
 214.004079 10.95.250.87.1271 -> 64.69.90.228.443: syn 1657467624
 214.004118 80.80.15.20.45935 -> 64.69.90.228.443: syn 1657467624
 214.179886 64.69.90.228.443 -> 80.80.15.20.45935: syn 2861662659 ack 1657467625
 214.179905 64.69.90.228.443 -> 10.95.250.87.1271: syn 2861662659 ack 1657467625
 214.179911 64.69.90.228.443 -> 10.95.250.87.1271: syn 2861662659 ack 1657467625
We have public IP networks on both the internal and external side, so I was wondering which IP the fortigate would use to connect from(the external ip?). Could any firewall rule block the attempt? Maybe blocked traffic does not show up in the sniffer? I was thinking about logging all blocked traffic in the firewall rules but we have rather many networks, so it would be nice to figure out which IP the fortigate uses when contacting the outside world. Any ideas?
5739
0 Kudos
3 REPLIES 3
Not applicable

Created on ‎06-15-2006 03:05 PM

Here' s some more logs: 
 Fortigate-3000 $ diag test update info
 
 
 Logs: idx=61
 Thu Jun 15 22:36:27 2006 upd_act.c[237] upd_act_update-Failed connecting to 64.69.90.228:443
 Thu Jun 15 22:37:29 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:37:29 2006 upd_act.c[237] upd_act_update-Failed connecting to 65.39.139.195:443
 Thu Jun 15 22:37:29 2006 upd_daemon.c[221] do_update-UPDATE failed
 Thu Jun 15 22:37:29 2006 upd_daemon.c[609] upd_daemon-Received ring request
 Thu Jun 15 22:37:29 2006 upd_daemon.c[296] do_ring-Starting RING
 Thu Jun 15 22:38:29 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:38:29 2006 upd_act.c[93] upd_act_ring-Failed connecting to 206.191.24.180:443
 Thu Jun 15 22:39:30 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:39:30 2006 upd_act.c[93] upd_act_ring-Failed connecting to 217.26.196.37:443
 Thu Jun 15 22:40:32 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:40:32 2006 upd_act.c[93] upd_act_ring-Failed connecting to 65.61.202.129:443
 Thu Jun 15 22:41:36 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:41:36 2006 upd_act.c[93] upd_act_ring-Failed connecting to 64.69.90.228:443
 Thu Jun 15 22:42:38 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:42:38 2006 upd_act.c[93] upd_act_ring-Failed connecting to 65.39.139.195:443
 Thu Jun 15 22:42:38 2006 upd_daemon.c[300] do_ring-Failed ring
 Thu Jun 15 22:42:38 2006 upd_daemon.c[142] do_setup-Starting SETUP
 Thu Jun 15 22:43:38 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:43:38 2006 upd_act.c[159] upd_act_setup-Failed connecting to 212.95.252.127:443
 Thu Jun 15 22:44:42 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:44:42 2006 upd_act.c[159] upd_act_setup-Failed connecting to 206.191.24.180:443
 Thu Jun 15 22:45:43 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:45:43 2006 upd_act.c[159] upd_act_setup-Failed connecting to 217.26.196.37:443
 Thu Jun 15 22:46:46 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:46:46 2006 upd_act.c[159] upd_act_setup-Failed connecting to 64.69.90.228:443
 Thu Jun 15 22:47:47 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:47:47 2006 upd_act.c[159] upd_act_setup-Failed connecting to 65.39.139.195:443
 Thu Jun 15 22:47:47 2006 upd_daemon.c[159] do_setup-Failed setup
 Thu Jun 15 22:47:47 2006 upd_daemon.c[253] do_virus_report-Starting VIRUS REPORT
 Thu Jun 15 22:48:47 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:48:47 2006 upd_act.c[452] upd_act_virus_stat-Failed connecting to 212.95.252.127:443
 Thu Jun 15 22:49:50 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:49:50 2006 upd_act.c[452] upd_act_virus_stat-Failed connecting to 65.61.202.129:443
 Thu Jun 15 22:50:54 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:50:54 2006 upd_act.c[452] upd_act_virus_stat-Failed connecting to 206.191.24.180:443
 Thu Jun 15 22:51:57 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:51:57 2006 upd_act.c[452] upd_act_virus_stat-Failed connecting to 64.69.90.228:443
 Thu Jun 15 22:52:58 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:52:58 2006 upd_act.c[452] upd_act_virus_stat-Failed connecting to 65.39.139.195:443
 Thu Jun 15 22:52:58 2006 upd_daemon.c[267] do_virus_report-Failed virus report
 Thu Jun 15 22:52:58 2006 upd_daemon.c[639] upd_daemon-Received update now request
 Thu Jun 15 22:52:58 2006 upd_daemon.c[208] do_update-Starting now UPDATE (final try)
 Thu Jun 15 22:53:58 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:53:58 2006 upd_act.c[237] upd_act_update-Failed connecting to 206.191.24.180:443
 Thu Jun 15 22:54:59 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:54:59 2006 upd_act.c[237] upd_act_update-Failed connecting to 212.95.252.127:443
 Thu Jun 15 22:56:01 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:56:01 2006 upd_act.c[237] upd_act_update-Failed connecting to 217.26.196.37:443
 Thu Jun 15 22:57:03 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:57:03 2006 upd_act.c[237] upd_act_update-Failed connecting to 64.69.90.228:443
 Thu Jun 15 22:58:07 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:58:07 2006 upd_act.c[237] upd_act_update-Failed connecting to 65.39.139.195:443
 Thu Jun 15 22:58:07 2006 upd_daemon.c[221] do_update-UPDATE failed
 Thu Jun 15 22:58:07 2006 upd_daemon.c[609] upd_daemon-Received ring request
 Thu Jun 15 22:58:07 2006 upd_daemon.c[296] do_ring-Starting RING
 Thu Jun 15 22:59:08 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 22:59:08 2006 upd_act.c[93] upd_act_ring-Failed connecting to 212.95.252.127:443
 Thu Jun 15 23:00:11 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 23:00:11 2006 upd_act.c[93] upd_act_ring-Failed connecting to 206.191.24.180:443
 Thu Jun 15 23:01:12 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 23:01:12 2006 upd_act.c[93] upd_act_ring-Failed connecting to 217.26.196.37:443
 Thu Jun 15 23:02:16 2006 upd_comm.c[501] upd_comm_connect_fds-Failed TCP connect
 Thu Jun 15 23:02:16 2006 upd_act.c[93] upd_act_ring-Failed connecting to 64.69.90.228:443
 
 Object versions: 02080000AVDB00099065300606151017
                  02080000NIDS00010023000606151002
                  02080000RLDB00000000000101010000
                  00000000FCNI00000000000000000000
                  00000000FDNI00000000000000000000
                  00000000FSCI00000000000000000000
                  02080000AVEN00200020020601261145
                  02080000AVEN00100010000504051628
                  02080000PRXY00500010110504051628
                  02080000PRXY00300010110504051628
                  02080000PRXY00400010110504051628
                  02080000PRXY00100010110504051628
                  02080000PRXY00200010110504051628
                  02080000NIDS00100010000504051630
                  02080000NIDS00200010000504051630
 
 FDS List: 212.095.252.127:443 tz=0
           206.191.024.180:443 tz=0
           217.026.196.037:443 tz=0
           064.069.090.228:443 tz=128
           065.039.139.195:443 tz=128
 
 Setup done once: no
 Next setup retry: Thu Jun 15 23:02:25 2006
 
 Next sched update: Thu Jun 15 23:19:00 2006
 Next update retry: none
 
 Next virus report: Thu Jun 15 23:59:48 2006
 
 Ring         counters: pass=000000 fail=000002
 Setup        counters: pass=000000 fail=010725
 Update       counters: pass=000000 retry_fail=007234 final_fail=003620
 Virus report counters: pass=000000 fail=003273 empty_stats=000000
 
 
 
 Fortigate-3000 $
 
 
 Fortigate-3000 $ diag sys autoupdate status
 FDN availability:  unavailable
 Push update:       enabled
 Push availability: unknown
 Scheduled update: enabled
         Update every:   1 hours at 19 minutes after the hour
 Virus definitions update: enable
 IDS definitions update: enable
 Server override: disabled
 Push address override: disabled
 Web proxy tunneling: disabled
 
 
 
 Fortigate-3000 $ diag sys autoupdate versions
 AV Engine
 ---------
 Version: 2.002
 Contract Expiry Date: Tue Jul 27 01:00:00 2010
 Last Update Attempt: Thu Jun 15 22:58:07 2006
 Result: Connectivity failure
 
 Virus Definitions
 ---------
 Version: 6.530
 Contract Expiry Date: Tue Jul 27 01:00:00 2010
 Last Update Attempt: Thu Jun 15 22:58:07 2006
 Result: Connectivity failure
 
 Attack Definitions
 ---------
 Version: 2.300
 Contract Expiry Date: Tue Jul 27 01:00:00 2010
 Last Update Attempt: Thu Jun 15 22:58:07 2006
 Result: Connectivity failure
 
 IPS Attack Engine
 ---------
 Version: 1.000
 Contract Expiry Date: Tue Jul 27 01:00:00 2010
 Last Update Attempt: Thu Jun 15 22:58:07 2006
 Result: Connectivity failure
 
 Spam Definitions
 ---------
 Version: 0.000
 Contract Expiry Date: n/a
 Last Update Attempt: Thu Jun 15 22:58:07 2006
 Result: Connectivity failure
 
 
 Fortigate-3000 $
3348
0 Kudos
Not applicable

Created on ‎06-15-2006 04:01 PM

A third thing, from the inside, I can ping the external ip of the firewall at 80.80.15.20 and the default gw for the firewall at 80.80.15.17 but the firewall does not get a response when pinging these from the CLI. I feel that I must mention that the traffic to to internet does work . It just seems like the firewall itself, cant go to the internet.
3348
0 Kudos
RickP
New Contributor
In response to

Created on ‎06-16-2006 06:35 AM

To get my updates to work, I have to switch communication to the alternate port (8888) from the default of 53 and it worked fine. Not sure if that would make a difference in your case but it' s an easy thing to try...
3348
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.