Niv_E
New Contributor II

Error Activating Evaluation Fortigate VM license 7.2.3

Hello, while trying to activate my FortiGate VM license 7.2.3 that is running on VMware, I get the following error:

[Screenshot: Niv_E_0-1674404659444.png]

However, when trying to execute a ping to the FortiCare domain, I get a response.

Thank you for the help!

abarushka
Staff

Hello,

You may consider running the commands below and checking the error message.

diagnose debug application update -1

diagnose debug enable

execute update-now

Niv_E
New Contributor II

I'm getting the following logs:

Do you want to continue? (y/n)y

Requesting FortiCare Trial license, proxy:(null)
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_vm_cfg_set_status[279]-Saved status code 502
do_setup[348]-Failed setup
upd_sched_time_to_update[268]-Config changed, next_upd_time=Thu Jan 26 23:16:30 2023

upd_daemon[1844]-Received update request from pid=7060
upd_daemon[1844]-Received update request from pid=7037
do_setup[344]-Starting SETUP
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 12.34.97.16:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...

ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
curl forticare failed, 28
curl forticare failed, 28

ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
do_setup[348]-Failed setup
upd_daemon[2075]-Disabling remaining actions 11
do_setup[344]-Starting SETUP
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 12.34.97.16:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
curl forticare failed, 28
Failed to request forticare license 28.
Failed to download VM license.

abarushka

Hello,

The DNS entry was successfully resolved; however, the TLS session failed to establish. I would recommend sniffing traffic on the ESXi host:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-sniff-traffic-on-hypervisor-ESXi-us...
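
A small triage script for the debug output posted above, added here as an example; it is not part of the original thread or of Fortinet's tooling. It runs on an excerpt of the log lines quoted in this thread; the names `triage` and `verdict` are hypothetical, and reading 28 as a libcurl error code is an assumption.

```python
import re

# Excerpt of the update-daemon debug output quoted in this thread.
SAMPLE = """\
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 12.34.97.16:443
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
ssl_connect_fds[407]-Poll timeout
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
curl forticare failed, 28
ssl_connect_fds[407]-Poll timeout
upd_comm_connect_fds[478]-Failed SSL connect
do_setup[348]-Failed setup
"""

TRY = re.compile(r"Trying FDS (\S+):(\d+)")
# Assumption: the number is a libcurl code (28 = CURLE_OPERATION_TIMEDOUT).
CURL = re.compile(r"curl forticare failed, (\d+)")

def triage(text):
    """Group the output by FDS attempt and record where each one stopped."""
    attempts, curl_codes, ipv6_failed = [], [], False
    for line in text.splitlines():
        if m := TRY.search(line):
            attempts.append({"server": m.group(1), "port": int(m.group(2)),
                             "tls_ctx": False, "timeout": False, "failed": False})
        elif m := CURL.search(line):
            curl_codes.append(int(m.group(1)))
        elif "ipv6 address failed" in line:
            ipv6_failed = True
        elif attempts:
            cur = attempts[-1]  # lines after "Trying FDS" belong to that attempt
            cur["tls_ctx"] |= "Loaded Fortinet Trusted Certs" in line
            cur["timeout"] |= "Poll timeout" in line
            cur["failed"] |= "Failed SSL connect" in line
    return {"attempts": attempts, "curl_codes": curl_codes, "ipv6_failed": ipv6_failed}

def verdict(result):
    a = result["attempts"]
    if not a:
        return "no FDS attempt logged: check DNS resolution first"
    if all(x["timeout"] and x["failed"] for x in a):
        return "every FDS attempt timed out in SSL connect: inspect the path between the VM and the Internet"
    if any(x["failed"] for x in a):
        return "some FDS attempts failed: compare the servers that worked and failed"
    return "no SSL connect failure logged"
```
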

Niv_E
New Contributor II

After sniffing the traffic and filtering to TLS, it seems like the server sends a certificate request and the handshake fails from there.

[Screenshot: Niv_E_0-1674834452217.png]

10.100.102.192 is the VM

Is there a possible fix for it?

abarushka

Hello,

Is there by any chance an upstream firewall which performs deep inspection?

Niv_E
New Contributor II

No,

This is the first time setting up the machine

abarushka
Staff

Hello,

I was referring to whether there is a firewall between the VM and the Internet. In case there is a firewall between the VM and the Internet which performs deep inspection, the TLS session won't be established.

wrabelo

I have the same issue. I could not fix it. I opened a ticket with FortiGate.
