Unable to connect to fortiguard servers and unknown wan ip
I'm getting these error on cli
LimonPay-main # ssl_connect_fds[407]-Poll timeout
[207] __ssl_data_ctx_free: Done
[1115] ssl_free: Done
[199] __ssl_cert_ctx_free: Done
[1125] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 173.243.138.71:443
tcp_connect_fds[235]-Binding to interface 22
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory_Backup.cer, root ca Fortinet_CA_Backup, idx 1
[497] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[517] ssl_ctx_use_builtin_store: Enable CRL checking.
[524] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[835] ssl_ctx_create_new: SSL CTX is created
[862] ssl_new: SSL object is created
[191] ssl_add_ftgd_hostname_check: Add hostname checking 'update.fortiguard.net'...
[929] ssl_set_hostname: Set hostname 'fortinet-ca2.fortinet.com'
[720] __ssl_info_callback: before SSL initialization
[720] __ssl_info_callback: SSLv3/TLS write client hello
ssl_connect_fds[407]-Poll timeout
[207] __ssl_data_ctx_free: Done
[1115] ssl_free: Done
[199] __ssl_cert_ctx_free: Done
[1125] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
tcp_connect_fds[235]-Binding to interface 22
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory_Backup.cer, root ca Fortinet_CA_Backup, idx 1
[497] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[517] ssl_ctx_use_builtin_store: Enable CRL checking.
[524] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[835] ssl_ctx_create_new: SSL CTX is created
[862] ssl_new: SSL object is created
[191] ssl_add_ftgd_hostname_check: Add hostname checking 'update.fortiguard.net'...
[929] ssl_set_hostname: Set hostname 'fortinet-ca2.fortinet.com'
[720] __ssl_info_callback: before SSL initialization
[720] __ssl_info_callback: SSLv3/TLS write client hello
upd_comm_connect_fds[478]-Failed SSL connect
do_update[693]-UPDATE failed
Hi @mlkvdev ,
Please specify the WAN interface at FortiGuard configuration on FortiGate.
config sys fortiguard
set interface-select-method specify
set interface WAN < -- Specify the WAN interface
set source-ip x.x.x.x <-- Specify WAN IP interface
end
Please check the KB for more details - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Failed-getting-WAN-IP-message-from-debuggi...
Best regards,
Erlin
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.