Dear, please help me in this case:
I have a FortiGate 100F which was returned to factory settings and configured as an edge in another datacenter.
The internet provider gave us a private WAN IP x.x.x.x; but to go out to the internet, we must do it through a secondary WAN IP y.y.y.y.
The firewall was already registered in FortiCloud before the factory reset. Currently it appears registered in FortiCloud.
The system information on the dashboard confirms the WAN IP y.y.y.y; but when trying to connect to FortiCloud it gives us "FortiGate Cloud Internal Error".
When generating a PING using the CLI with the source-ip y.y.y.y to the service.fortiguard.net URL, I do manage to reach it, but when I connect to the internet, it gives me the aforementioned error.
When reviewing the traffic I see that in the rule Implicit Deny the origin y.y.y.y with destination to the Fortinet DNS, port TCP/853 is accepted.
Hello pollognr911,
Could you have a look at this article where you can set the source ip for FortiGate to FortiCloud:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-source-IP-address-on-FortiGate...
If it does not work, can you run the following debugs and paste the output here:
diagnose test application forticldd 1
dia debug en
Would you please confirm if the following is what you have configured on the FortiGate:
config system central-management
set type fortiguard
end
In addition you can check this troubleshooting article:
Hope this helps
Dear, thank you very much for your help.
When performing the indicated tests, I detected that the log fortiguard setting was disabled, so I enabled it and then configured it with the secondary WAN IP and managed to connect. This option in other firewalls is enabled by default.
You can try to force the traffic via wan2. For example:
config system fortiguard
set interface-select-method specify
set interface wan2
set source-ip 1.2.3.4
end
Dear, thank you very much for your comment. I had performed this test before with the information found in various forums, but the problem persisted. The solution was as indicated above, the fortiguard log was disabled.
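The checks from this thread, collected into an added example that is not part of any post above: a Python script that reads saved CLI configuration output and reports whether the central-management type, the FortiGuard source IP, and the `log fortiguard setting` status and source IP agree with the WAN address the unit must use. It assumes the text comes from `show full-configuration` (so that `status` is printed explicitly); the names `parse_sections` and `audit` are hypothetical, and the sample configuration is constructed, with 192.0.2.10 standing in for y.y.y.y.

```python
# Constructed sample (not from the thread); 192.0.2.10 stands in for y.y.y.y.
SAMPLE = """\
config system central-management
    set type fortiguard
end
config system fortiguard
    set interface-select-method specify
    set interface "wan2"
    set source-ip 192.0.2.10
end
config log fortiguard setting
    set status disable
end
"""

def parse_sections(text):
    """Map each top-level 'config <name> ... end' block to its 'set' values."""
    sections, current, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = sections.setdefault(line[7:], {})
        elif line == "end":
            depth = max(depth - 1, 0)
        elif line.startswith("set ") and depth == 1:
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return sections

def audit(text, wan_ip):
    """Return findings for the settings discussed in the thread; empty list means consistent."""
    cfg, findings = parse_sections(text), []
    if cfg.get("system central-management", {}).get("type") != "fortiguard":
        findings.append("system central-management: type is not fortiguard")
    for name in ("system fortiguard", "log fortiguard setting"):
        block = cfg.get(name, {})
        if name.startswith("log") and block.get("status") != "enable":
            findings.append(f"{name}: status is {block.get('status', 'not shown')}")
            continue  # assumption: the source IP is only checked once the section is enabled
        if block.get("source-ip") != wan_ip:
            findings.append(f"{name}: source-ip is {block.get('source-ip', 'not set')}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.0.2.10"):
        print(finding)
```

On the constructed sample it reports only the disabled `log fortiguard setting`, which is the condition the original poster found after the source IP under `config system fortiguard` had already been set.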