- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Error Activating Evaluation Fortigate VM license 7.2.3
Hello, while trying to activate my fortigate VM license 7.2.3 that is running on Vmware I get the following Error:
However when trying to execute a ping to Forticare domain I get a response.
Thank you for the help !
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
You may consider to run the commands below and check the error message.
diagnose debug application update -1
diagnose debug enable
execute update-now
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Im getting the following logs:
Do you want to continue? (y/n)y
Requesting FortiCare Trial license, proxy:(null)
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_vm_cfg_set_status[279]-Saved status code 502
do_setup[348]-Failed setup
upd_sched_time_to_update[268]-Config changed, next_upd_time=Thu Jan 26 23:16:30 2023
upd_daemon[1844]-Received update request from pid=7060
upd_daemon[1844]-Received update request from pid=7037
do_setup[344]-Starting SETUP
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 12.34.97.16:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
curl forticare failed, 28
curl forticare failed, 28
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
do_setup[348]-Failed setup
upd_daemon[2075]-Disabling remaining actions 11
do_setup[344]-Starting SETUP
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 12.34.97.16:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
curl forticare failed, 28
Failed to request forticare license 28.
Failed to download VM license.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
DNS entry was successfully resolved, however TLS session failed to establish. I would recommend to sniff traffic on ESXi host:
Created on ‎01-27-2023 07:48 AM Edited on ‎01-27-2023 07:48 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After sniffing the traffic and filtering to TLS it seems like Server sends a certificate request and the handshake fails from there,
10.100.102.192 is the VM
Is there a possible fix for it?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Is there by any chance upstream firewall which performs deep inspection?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No,
This is the first time setting up the machine
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I was referring whether there is a firewall between the VM and Internet. In case there is firewall between VM and Internet which performs deep inspection TLS session won't be established.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i have the same issue i could not fix i opened ticket with the fortigate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
May I ask if your issue has been resolved? How to solve it, please let me know
