Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NickStudi
New Contributor

Created on ‎03-04-2024 12:04 AM

FortiGate & FortiManager Zero Touch - ISDB Update time-out

Hello dear community,

We have installed a FortiGate via a Zero Touch Process using the FortiManager, i.e. the FortiGate is connected, assigned an address via DHCP and then reports to the FortiManager. The FortiManager then transfers the required configuration and policies to the FortiGate.

 

Basically, the process works perfectly, but we have noticed that the FortiGate has problems upgrading its ISDB independently during the installation of the configuration.

If you look at the process report from the FortiManager, which shows the installation of the configuration (see attachment), an attempt is made to update the ISDB on the FortiGate for 3 minutes until the process times out. We also previously had an address object from the ISDB in our policy set, which meant that the entire policy could not be automatically installed on the FortiGate due to the problem.

 

We would like to save these 3 minutes and also have the possibility to install objects directly from the ISDB in the future. Has anyone here had the same experience or ideas to solve the problem?

 

Thank you and kind regards

NickProgress-Report_ISDB.PNG

Labels:
188
0 Kudos
3 REPLIES 3
smkml
Staff
Staff

Created on ‎03-04-2024 12:49 AM

Hi @NickStudi ,

 

Generally, starting in 7.2.1 this features introduces to check if FMG have latest update of ISDB than FGT it will start to update within 3 min, if it fails it will still install to FGT.

Ref: https://docs.fortinet.com/document/fortimanager/7.2.0/new-features/862265/internet-service-database-...

 

However, on FGT itself can be update by itself by below command:

# diag debug application update -1
# diag debug enable
# execute update-now

 

Note: Make sure FGT have internet access to get an update from FortiGuard server

178
NickStudi
New Contributor
In response to smkml

Created on ‎03-04-2024 03:10 AM

Hi @smkml 

 

Thanks for the answer! I assume that the update fails every time because the FortiGate has no internet connection at the time it receives its configuration from the FortiManager, right? That's why it always seems to time out in my case.

162
0 Kudos
smkml
Staff
Staff
In response to NickStudi

Created on ‎03-04-2024 04:27 AM

Hi @NickStudi ,

 

Yes, if your FGT use FMG as FortiGuard server, it is the same, manually update from the FGT to get latest ISDB version.

147
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.