Hi,
I just purchased a FAZ and received the license file. Uploading the license file is successful and after login to FAZ 7.2 it goes to register with FortiCare and says: Failed to connect to FortiCare servers.
The appliance is in a secure zone and it can only be connected to the Internet via a proxy server. I mean every connection such as DNS, HTTPS, ICMP, etc. to the Internet is only possible through a proxy server.
In this situation, how can I set the FAZ to use that proxy for connecting to FortiCare and complete the process and let me log in and set up my device?
I used config system web-proxy and it didn't work. Instantly it says:
Can you try uploading the entitlement file using TFTP as suggested in the article below?
I made a request ticket for getting entitlement file and am waiting for it.
Hope to get it soon. (And hope to make it downloadable and available in your Fortinet panel without needing to request for it)
I thought my question will help me to update and connect to Fortiguard servers in the future so I'm still looking for a solution to it if possible.
Regards,
After configuring the proxy, can you check the connectivity towards FortiGuard using the commands below?
diagnose fmupdate view-serverlist fgd
diagnose fmupdate view-serverlist fds
exe ping fds1.fortinet.com
Definitely exe ping fds1.fortinet.com will not work because, as I said, there is no way (no default gateway to the Internet) for this device. Registration to FortiCare, getting updates, etc. should always use the proxy provided for the system.
So, I think we should consider these options :
1- Define a system-wide proxy to relay all connections (including ping and all needed to reach Fortiguard servers)
2- Getting an offline file (like the license itself) to skip this step
3- Using another command to ask the system to connect to FortiCare via a proxy (I think config system web-proxy is not the suitable command for this)
Regards,
The proxy needs to be defined under "config fmupdate av-ips web-proxy"
config fmupdate av-ips web-proxy
set address <string>
set mode {proxy | tunnel}
set password <password>
set port <integer>
set status {enable | disable}
set username <string>
end
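An added example, not part of the thread and not Fortinet tooling: a small Python check over saved CLI text that flags the mistake discussed here (proxy set under "config system web-proxy" instead of "config fmupdate av-ips web-proxy") and settings left incomplete. It assumes flat config/set/end text as shown in the answer; the function names, sample configs, address 192.0.2.10 and port 8080 are constructed for illustration.

```python
FMUPDATE_BLOCK = "fmupdate av-ips web-proxy"
MODES = {"proxy", "tunnel"}

# Constructed samples (documentation address, made-up port), not real device output.
GOOD = """config fmupdate av-ips web-proxy
    set address 192.0.2.10
    set mode proxy
    set port 8080
    set status enable
end
"""
BAD = GOOD.replace("fmupdate av-ips web-proxy", "system web-proxy")

def parse_blocks(cli_text):
    """Return {block name: {setting: value}} from flat config/set/end text."""
    blocks, current = {}, None
    for raw in cli_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            current = line[len("config "):].strip()
            blocks[current] = {}
        elif line == "end":
            current = None
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)
            if len(parts) == 3:
                blocks[current][parts[1]] = parts[2].strip('"')
    return blocks

def check_update_proxy(cli_text):
    """Return a list of findings; an empty list means the block looks complete."""
    blocks = parse_blocks(cli_text)
    proxy = blocks.get(FMUPDATE_BLOCK)
    if proxy is None:
        findings = ["no 'config %s' block found" % FMUPDATE_BLOCK]
        if "system web-proxy" in blocks:
            findings.append("proxy is only under 'config system web-proxy', "
                            "which did not work for registration in this thread")
        return findings
    findings = []
    if proxy.get("status") != "enable":
        findings.append("status is not 'enable'")
    if not proxy.get("address") or proxy["address"].startswith("<"):
        findings.append("address is unset or still a placeholder")
    port = proxy.get("port", "")
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append("port is missing or outside 1-65535")
    if proxy.get("mode") not in MODES:
        findings.append("mode must be 'proxy' or 'tunnel'")
    return findings
```

The password value is parsed but never reported, so findings can be pasted into a ticket without exposing the proxy credential.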
Thanks !
After setting these and waiting for a few minutes, the next logon displayed a check mark beside the register with FortiCare and I finished setting up my device.
Regards,
That's great to hear.