- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiGate-VM evaluation license register issues "c...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiGate-VM evaluation license register issues "curl forticare failed, 43"
FGT_VM64_KVM-v7.4.0.F-build2360-FORTINET.out.kvm
I downloaded this, but I can't register its evaluation license.
I got a message like the one below.
Requesting FortiCare Trial license, proxy:(null)
curl forticare failed, 43
I couldn't find the meaning of the error phrase anywhere.
Please help me.
Regards
-Jejun
Labels:
- Labels:
-
FortiGate
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I would check whether DNS is working properly (i.e. you can ping other web-sites from FortiGate) and whether FortiGate has access to Internet.
FortiGate
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I checked.
exec ping 8.8.8.8
exec ping update.fortiguard.net
exec ping service.fortiguard.net
It worked. but It still has problems.
Requesting FortiCare Trial license, proxy:(null)
curl forticare failed, 43
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
You may consider to run the commands below and check the output:
diagnose debug application update -1
diagnose debug enable
execute update-now
FortiGate
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiGate-VM64-KVM # execute date
current date is: 2023-06-17
FortiGate-VM64-KVM # execute time
current time is: 08:12:04
last ntp sync:Sat Jun 17 08:09:01 2023
FortiGate-VM64-KVM # exec ping update.fortiguard.net
PING fds1.fortinet.com (173.243.138.66): 56 data bytes
64 bytes from 173.243.138.66: icmp_seq=0 ttl=128 time=146.0 ms
64 bytes from 173.243.138.66: icmp_seq=1 ttl=128 time=146.0 ms
^C
--- fds1.fortinet.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 146.0/146.0/146.0 ms
FortiGate-VM64-KVM # exec ping service.fortiguard.net
PING guard.fortinet.net (173.243.138.194): 56 data bytes
64 bytes from 173.243.138.194: icmp_seq=0 ttl=128 time=144.2 ms
64 bytes from 173.243.138.194: icmp_seq=1 ttl=128 time=144.7 ms
^C
--- guard.fortinet.net ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 144.2/144.4/144.7 ms
FortiGate-VM64-KVM # exec ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=128 time=36.8 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=52.5 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 36.8/44.6/52.5 ms
FortiGate-VM64-KVM # Requesting FortiCare Trial license, proxy:(null)
curl forticare failed, 43
FortiGate-VM64-KVM #
FortiGate-VM64-KVM # diagnose debug enable
FortiGate-VM64-KVM # diagnose debug application update -1
Debug messages will be on for 30 minutes.
FortiGate-VM64-KVM # exec update-now
FortiGate-VM64-KVM # Requesting FortiCare Trial license, proxy:(null)
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1047] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1057] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
do_setup[361]-Failed setup
upd_daemon[2241]-Disabling remaining actions 90
upd_act_report_fmg_list[826]-Starting report FMG LIST.
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 addre ss failed.
pack_obj[186]-Packing obj=Protocol=3.4|Command=FDNSetup|Firmware=FGVMK6-FW-7.02-1396|Seri alNumber=FGVMEV3M9Z9NZF61|Language=en-US|TimeZone=-7|Sequence=0|HAList=FGVMEV3M9Z9NZF61|A uthList=
upd_comm_connect_fds[459]-Trying FDS 12.34.97.16:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root c a Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[767] ssl_ctx_create_new: SSL CTX is created
[794] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1047] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1057] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[767] ssl_ctx_create_new: SSL CTX is created
[794] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1047] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1057] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
do_setup[357]-Starting SETUP
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 12.34.97.16:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[767] ssl_ctx_create_new: SSL CTX is created
[794] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
Timeout
FortiGate-VM64-KVM login: curl forticare failed, 28
Regards
-Jejun
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jejun,
ICMP connectivity and DNS resolution look good. I notice that FortiGate cannot establish TLS session with ForiGuard:
upd_comm_connect_fds[478]-Failed SSL connect
Is there is any device between FortiGate and FortiGuard which does deep inspection? Moreover, I would recommend to sniff the traffic towards FortiGuard "diagnose sniffer packet any 'host 12.34.97.16' 6 0 a" and convert it to pcap file.
FortiGate
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiGate-VM64-KVM # exec ping update.fortiguard.net
PING fds1.fortinet.com (208.184.237.66): 56 data bytes
64 bytes from 208.184.237.66: icmp_seq=0 ttl=128 time=142.9 ms
64 bytes from 208.184.237.66: icmp_seq=1 ttl=128 time=145.7 ms
^C
--- fds1.fortinet.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 142.9/144.3/145.7 ms
FortiGate-VM64-KVM # exec ping service.fortiguard.net
PING guard.fortinet.net (12.34.97.71): 56 data bytes
64 bytes from 12.34.97.71: icmp_seq=0 ttl=128 time=197.7 ms
64 bytes from 12.34.97.71: icmp_seq=1 ttl=128 time=195.9 ms
^C
--- guard.fortinet.net ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 195.9/196.8/197.7 ms
FortiGate-VM64-KVM # exec ping usupdate.fortiguard.net
PING usfds1.fortinet.com (12.34.97.16): 56 data bytes
64 bytes from 12.34.97.16: icmp_seq=0 ttl=128 time=194.9 ms
64 bytes from 12.34.97.16: icmp_seq=1 ttl=128 time=194.9 ms
^C
--- usfds1.fortinet.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 194.9/194.9/194.9 ms
FortiGate-VM64-KVM # exec ping 12.34.97.16
PING 12.34.97.16 (12.34.97.16): 56 data bytes
64 bytes from 12.34.97.16: icmp_seq=0 ttl=128 time=198.2 ms
64 bytes from 12.34.97.16: icmp_seq=1 ttl=128 time=195.6 ms
^C
--- 12.34.97.16 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 195.6/196.9/198.2 ms
FortiGate-VM64-KVM # exec ping 208.184.237.66
PING 208.184.237.66 (208.184.237.66): 56 data bytes
64 bytes from 208.184.237.66: icmp_seq=0 ttl=128 time=144.8 ms
64 bytes from 208.184.237.66: icmp_seq=1 ttl=128 time=143.9 ms
^C
--- 208.184.237.66 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 143.9/144.3/144.8 ms
FortiGate-VM64-KVM # diagnose sniffer packet any 'host 12.34.97.16' 4
Using Original Sniffing Mode
interfaces=[any]
filters=[host 12.34.97.16]
Requesting FortiCare Trial license, proxy:(null)
12.648055 port1 out 192.168.21.10.3882 -> 12.34.97.16.443: fin 688041116 ack 578499204
12.649442 port1 in 12.34.97.16.443 -> 192.168.21.10.3882: ack 688041117
12.847316 port1 in 12.34.97.16.443 -> 192.168.21.10.3882: psh fin 578501605 ack 688041117
12.847433 port1 out 192.168.21.10.3882 -> 12.34.97.16.443: rst 688041117
14.666733 port1 out 192.168.21.10.3928 -> 12.34.97.16.443: syn 2792084773
14.881426 port1 in 12.34.97.16.443 -> 192.168.21.10.3928: syn 1973491655 ack 2792084774
14.881515 port1 out 192.168.21.10.3928 -> 12.34.97.16.443: ack 1973491656
14.882829 port1 out 192.168.21.10.3928 -> 12.34.97.16.443: psh 2792084774 ack 1973491656
14.883750 port1 in 12.34.97.16.443 -> 192.168.21.10.3928: ack 2792084947
33.601126 port1 out 192.168.21.10.3932 -> 12.34.97.16.443: syn 1551951859
33.821314 port1 in 12.34.97.16.443 -> 192.168.21.10.3932: syn 1572495172 ack 1551951860
33.821440 port1 out 192.168.21.10.3932 -> 12.34.97.16.443: ack 1572495173
33.832202 port1 out 192.168.21.10.3932 -> 12.34.97.16.443: psh 1551951860 ack 1572495173
33.832715 port1 in 12.34.97.16.443 -> 192.168.21.10.3932: ack 1551952033
curl forticare failed, 43
FortiGate-VM64-KVM # diagnose sniffer packet any 'host 208.184.237.66' 4
Using Original Sniffing Mode
interfaces=[any]
filters=[host 208.184.237.66]
Requesting FortiCare Trial license, proxy:(null)
8.648300 port1 in 208.184.237.66.443 -> 192.168.21.10.10532: psh fin 1806447244 ack 6028528 74
8.648392 port1 out 192.168.21.10.10532 -> 208.184.237.66.443: ack 1806444843
29.822201 port1 out 192.168.21.10.10538 -> 208.184.237.66.443: fin 3902104475 ack 421810570
29.823717 port1 in 208.184.237.66.443 -> 192.168.21.10.10538: ack 3902104476
29.977878 port1 in 208.184.237.66.443 -> 192.168.21.10.10538: psh fin 421812971 ack 3902104476
29.977970 port1 out 192.168.21.10.10538 -> 208.184.237.66.443: rst 3902104476
34.562277 port1 in 208.184.237.66.443 -> 192.168.21.10.10458: rst 1867385272 ack 2992064321
68.659526 port1 out 192.168.21.10.10532 -> 208.184.237.66.443: fin 602852874 ack 1806444843
68.659984 port1 in 208.184.237.66.443 -> 192.168.21.10.10532: ack 602852875
201.130892 port1 out 192.168.21.10.10578 -> 208.184.237.66.443: syn 2264122658
201.293434 port1 in 208.184.237.66.443 -> 192.168.21.10.10578: syn 1533365585 ack 2264122659
201.293529 port1 out 192.168.21.10.10578 -> 208.184.237.66.443: ack 1533365586
201.326789 port1 out 192.168.21.10.10578 -> 208.184.237.66.443: psh 2264122659 ack 1533365586
201.327136 port1 in 208.184.237.66.443 -> 192.168.21.10.10578: ack 2264122832
261.445929 port1 in 208.184.237.66.443 -> 192.168.21.10.10578: psh fin 1533367987 ack 2264122832
261.446552 port1 out 192.168.21.10.10578 -> 208.184.237.66.443: ack 1533365586
276.264190 port1 in 208.184.237.66.443 -> 192.168.21.10.10494: rst 1129937484 ack 4177346935
curl forticare failed, 28
Regards
-Jejun
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Most likely, you downloaded the FF-VM rather than the FG-VM.
You can download it from WeTransfer using the link provided below.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I downloaded the FGT file.
FGT_VM64_KVM-v7.4.0.F-build2360-FORTINET.out.kvm
and
The hostname of the command prompt is also "FortiGate-VM64-KVM #".
Regards
-Jejun
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The below link would be helpful for this issue.
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/441460
Kwan
Related Posts
- Can't reach the forticare.fortinet.com to... 1075 Views
- FortiGate-VM restore evaluation license from FortiCare 1751 Views
- Failed to download license 18928 Views
- How to Install FortiGate VM with... 19252 Views
Labels
-
FortiGate
6,528 -
FortiClient
1,303 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
59 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.