Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mhdganji
Contributor II

Fortianalyzer activate license, connecting to forticare via proxy

Hi,

I just purchased a FAZ and received the license file. Uploading the license file is successful and after login to FAZ 7.2 it goes to register with Forticare and says : Failed to connect to FortiCare servers.

 

The appliance is in a secure zone and it can be only connected to Internet via a proxy server. I mean every connection such as DNS, HTTPS, ICMP, etc to Internet is only possible through a proxy server.

In this situation, how can I set the FAZ to use that prox for connecting to forticare and complete the process and let me login and set up my device.

I used config system web-proxy and it didn't work. Instantly it says:

Failed to connect to FortiCare servers.
 
Is there anyway to solve this and send all the traffic to the proxy server?
Or maybe there is another trick to this?
 
BTW, possible to skip this for now?
 
Regards,
 
M. Ganji, Network & Security Expert.
M. Ganji, Network & Security Expert.
1 Solution
srajeswaran

The proxy need to be defined under "config fmupdate av-ips web-proxy"

 

config fmupdate av-ips web-proxy

set address <string>

set mode {proxy | tunnel}

set password <password>

set port <integer>

set status {enable | disable}

set username <string>

end

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

7 REPLIES 7
srajeswaran
Staff
Staff

Can you try uploading the entitlement file using TFTP as suggested in below article.

 

https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-How-to-configure-FortiAnalyzer-FortiMa...

 

 

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

mhdganji

I made a request ticket for getting entitlement file and am waiting for it.

Hope to get it soon. (And hope to make it downloadable and available in your Fortinet panel without needing to request for it)

I thought my question will help me to update and connect to Fortiguard servers in the future so I'm still looking for a solution to it if possible.

 

Regards,

 

 

 

M. Ganji, Network & Security Expert.
M. Ganji, Network & Security Expert.
srajeswaran

After configuring proxy, can you check if the connectivity towards Fortiguard using below commands?

 

diagnose fmupdate view-serverlist fgd
diagnose fmupdate view-serverlist fds
exe ping fds1.fortinet.com

 

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

mhdganji

definitely exe ping fds1.fortinet.com will not work cause as I said there is no way (no default gateway to Internet) for this device. Registration to Forticare, getting updates, etc should always use the proxy provided for the system.

So, I think we should consider these options :

 

1- Define a system-wide proxy to relay all connections (including ping and all needed to reach Fortiguard servers)

2- Getting an offline file (like the license itself) to skip this step

3- Using another command to ask the system connect to Forticare via a proxy (I think config system web-proxy is not the suitable command for this)

 

Regards,

 

ForDiag.JPG

 

M. Ganji, Network & Security Expert.
M. Ganji, Network & Security Expert.
srajeswaran

The proxy need to be defined under "config fmupdate av-ips web-proxy"

 

config fmupdate av-ips web-proxy

set address <string>

set mode {proxy | tunnel}

set password <password>

set port <integer>

set status {enable | disable}

set username <string>

end

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

mhdganji

Thanks !

After setting these and waiting for a few minutes, The next logon displayed a check mark beside the register with Forticare and I finished setting up my device.

 

Regards,

 

M. Ganji, Network & Security Expert.
M. Ganji, Network & Security Expert.
srajeswaran

Thats great to hear.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Labels
Top Kudoed Authors