I have noticed on a handful of my Forticlient's stopped receiving virus definition updates. The log states cannot obtain updates. Update server responded with unauthorized access.
Fortigate version 5.11
Forticlient version 5.09
I have also tried update one of the workstations to 5.2.4 and it still cant get updates.
Thanks
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Sorry. What I meant was it shall be fixed in a further FortiClient release.
You are right that 5.0.11 is not available. The latest is 5.0.10 and it has this bug.
Actually I got a system message "Fortigate update now virdb(28.00366) etdb(28.00366) botnet(2.00515) from 208.91.112.71:443"
So that means resolution for FDS is working and the fortigate is working. So the million dollar questions, when the client is trying to update is it pull the update from FDS directly or via the fortigate?
Since we know the client works unregistered, I believe the latter is involved. I'm scratching my head on what to do but have you validate the forticlient is shown registered on the fortigate?
I would 1st check for FCT-access and make sure it was not removed AND if it was working previously.
And then run some diagnostics
diag debug console timestamp enable
diag debug reset
diag debug console timestamp enable
diag debug en
diag debug flow addr <enter client>
diag debug flow show console
diag debug flow trace start 100
If the client can't registered that's a issue. And if it's registration is valid but everything else does not work that's another issue. Maybe the following my shed some light;
diag endpoint registration list
Ken
PCNSE
NSE
StrongSwan
They seem to register fine and the FCT-access is enabled on the correct interface. I should also mention that this is occurring at 4 other sites with the same firmware versions and it seemed it happened about the same time.
Here is a output for diag endpoint registration list FortiClient #1 (0): UID = **************** vdom = root status = registered registering time = Tue Jul 14 16:24:57 2015 registration expiry time = none source IP = 192.168.**** source MAC = 00:25:***** user = **** host OS = Microsoft Windows 7 , 32-bit Service Pack 1 (build 7601) restored registration = no local registration = yes remote registration SN = local
I will work on the other commands in a bit.
FDS may have prevented registered 5.0 FortiClient to get AV signature. It's under investigation...
It turned out it's a recent FDS update that prevents FortiClient from using FortiGate SN to get AV signature. So it will require a FortiClient 5.0.11 to fix it.
Ah OK. I will get that updated and get back to you on the results.
Thanks for getting that info
I actually only see Forticlient 5.0.10 as a option for download from the Fortinet site.
Do you know of any diag commands to diagnose forticlient registering attempts? I was curios outside of the forticlient discovery does a means exist on the fortigate to look at registrations attempts.
ken
PCNSE
NSE
StrongSwan
Do you mean "diag debug app fcnacd 255"?
Sorry. What I meant was it shall be fixed in a further FortiClient release.
You are right that 5.0.11 is not available. The latest is 5.0.10 and it has this bug.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.