Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
heyyo
Contributor

Created on ‎07-10-2024 12:08 AM

FortiGate: Unable to connect to FortiGuard servers (FortiGate - Router -FortiGate - Internet)

Hi Team,

 

I am having trouble with FortiGate connection to FortiGuard server with this error reflecting in the GUI:

"Unable to connect to FortiGuard servers"

 

Current topology is:

FortiGate (with Issue) ---- Router ---- Another FortiGate ---- Internet

 

I can ping below:

exec ping service.fortiguard.net

exec ping update.fortiguard.net

exec ping guard.fortinet.net

 

Diag Debug Rating:

2 Servers Listed and has F flags in it

 

Already changed between protocol 8888 and 53 (no 443 available in my FG)

Already enabled and disabled the anycast

Management VDOM is 'root'

 

Config:

config system fortiguard

set fortiguard-anycast disable

set protocol udp

set port 8888

set sdns-server-ip 208.91.112.220    <-

end

 

Anything else which I can try to make the server reachable? 

 

Thanks!

Labels:
1605
0 Kudos
3 REPLIES 3
fricci_FTNT
Staff
Staff

Created on ‎07-10-2024 01:01 AM Edited on ‎07-10-2024 01:07 AM

Hi @heyyo ,

 

You have already tried to change to protocol tcp, right?

I assume that your license is still valid.
Which FOS version are you running?

Can you post the output of the following commands, please:
get system status | grep Version

diag debug rating
#change the port and/or the protocol on the system fortiguard configuration and save it (end)
diag debug rating 1 #<---leave this running for 20 seconds, then press 'q' to stop.
diag test application dnsproxy 2
diag test application dnsproxy 3

 

You can also try to add a second server IP on the fortiguard config:

config system fortiguard
set sdns-server-ip 208.91.112.220 194.69.172.53

end

 

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
1589
AEK
SuperUser
SuperUser

Created on ‎07-10-2024 01:20 AM

Hello

Did you check on you frontal FG if it is blocking the traffic from your internal FG to internet?

AEK
AEK
1558
adimailig
Staff
Staff

Created on ‎07-10-2024 01:51 AM

You may run below debug command to have an idea of the issue

diag debug reset
diag debug application update -1

diag debug enable
execute update-now

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-connect-to-FortiGuard-serv...

Best Regards,

Arnold Dimailig
TAC Engineer
1544
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.