- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Fortigate 40F fortiguard-log issue reported
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate 40F fortiguard-log issue reported
Following issue shows a wrong connection to Fortiguard-log server, password is correct and worked properly with another Fortigate device, diagnose log is activate but I can't connect to Forticloud:
FORTI-40F # execute fortiguard-log login xxxMAILxxx xxxPWDxxx
2024-03-13 12:52:46 [643] fds_https_stop_server: 173.243.143.6:443
2024-03-13 12:52:46 [205] __ssl_data_ctx_free: Done
2024-03-13 12:52:46 [1047] ssl_free: Done
2024-03-13 12:52:46 [197] __ssl_cert_ctx_free: Done
2024-03-13 12:52:46 [1057] ssl_ctx_free: Done
2024-03-13 12:52:46 [1038] ssl_disconnect: Shutdown
2024-03-13 12:52:46 [554] fds_https_timeout: Connection timed out, svr=Forticlient-svr
2024-03-13 12:52:46 [246] fds_svr_default_on_error: Forticlient-svr: ip=173.243.143.6:443, reason=4
2024-03-13 12:52:46 [263] fds_svr_default_on_error: Forticlient-svr: Conn failes 1/2
2024-03-13 12:52:46 [145] fds_svr_default_pickup_server: Forticlient-svr: [2620:101:9000:143:173:243:143:6]:443
Failed: FGT internal error(-1)
Command fail. Return code 5
FORTI-40F # 2024-03-13 12:52:56 [643] fds_https_stop_server: [2620:101:9000:143:173:243:143:6]:443
2024-03-13 12:52:56 [145] fds_svr_default_pickup_server: Forticlient-svr: 173.243.143.6:443
2024-03-13 12:52:56 [589] fds_https_start_server: server: 173.243.143.6:443
2024-03-13 12:52:56 [590] fds_https_start_server: source-ip: 0.0.0.0:0
2024-03-13 12:52:56 [114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
2024-03-13 12:52:56 [482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
2024-03-13 12:52:56 [488] ssl_ctx_use_builtin_store: Enable CRL checking.
2024-03-13 12:52:56 [495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
2024-03-13 12:52:56 [767] ssl_ctx_create_new: SSL CTX is created
2024-03-13 12:52:56 [794] ssl_new: SSL object is created
2024-03-13 12:52:56 [86] https_create: proxy server 0.0.0.0 port:0
2024-03-13 12:52:56 [206] forticldd_add_hostname_check: Add hostname checking 'globalfctupdate.fortinet.net'
2024-03-13 12:52:56 [573] __tcps_tcp_start_connect: sockfd=11, server=173.243.143.6:443, use_harelay=0, use_proxy=0
2024-03-13 12:52:56 [577] __tcps_tcp_start_connect: ret=-1
2024-03-13 12:52:56 [582] __tcps_tcp_start_connect: errno=115(Operation now in progress)
2024-03-13 12:52:56 [870] tcps_connect: 173.243.143.6:443 -- ret 0, state 0x0(Intialized) -> 0x11(Connecting)
FORTI-40F# execute ping service.fortiguard.net
PING guard.fortinet.net (12.34.97.71): 56 data bytes
--- guard.fortinet.net ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
Consider all fortiguard pool /24 are staticly routed to internet connection, and other devices can reach fortiguard domain with same routing. DNS is set to 8.8.8.8.
Jonathan Salas
Solved! Go to Solution.
Jonathan Salas
Labels:
- Labels:
-
FortiGate
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If all is similar for all FortiGates then I think you should check the WAN connection. Probably the issue is caused by the ISP.
Is it possible to try with another WAN link during maintenance window? (try with 4G or other ISP).
AEK
AEK
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can see you can't ping FortiGuard, while you can resolve from 8.8.8.8.
Can you share the following:
config system fortiguard
get source-ip
end
config system dns
get source-ip
end
config log fortiguard setting
get source-ip
end
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Consider identical route and config is set for another 100 devices without issue reported or identified. I've a quad zero route to a vpn connection, and several static routes poiting fortiguard public ip to internet, including ip of fortiguard 12.34.97.71, so that way this device similar than another devices with same routing should reach fortiguard domain. Just 3 firewall policies are configured, two for vpn traffic in-out and the default for lan going to internet. I can´t ping anything outside the vpn! minimal issue =V
I removed by cli using the unset fortigate account id and try it again but same result. Following output shows requested
fortiguard source-ip: 0.0.0.0
dns source-ip: 0.0.0.0
log fortiguard source-ip: 0.0.0.0
Also output for command "execute fortiguard-log domain" should be
EUROPE
US
GLOBAL
but for this forti 40F device is:
execute fortiguard-log domain
Failed
Command fail. Return code 5
Jonathan Salas
Jonathan Salas
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If all is similar for all FortiGates then I think you should check the WAN connection. Probably the issue is caused by the ISP.
Is it possible to try with another WAN link during maintenance window? (try with 4G or other ISP).
AEK
AEK
Created on 03-14-2024 11:48 AM Edited on 03-14-2024 11:48 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you were right, after shutdown the interface and enable backup link it worked properly. Tyv @AEK
Jonathan Salas
Jonathan Salas
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I booted the device and now I can manage the device through fortiguard.net, but somehow I can´t reach another destination than vpn tunnel
Jonathan Salas
Jonathan Salas
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello salassilvaj,
There might be a connectivity issue between your FortiGate device and the FortiGuard server. Here are some steps you can take to troubleshoot and potentially resolve the issue:
-
Check Internet Connectivity: Ensure that your FortiGate device has proper internet connectivity. You can try to ping other external servers or perform a traceroute to diagnose any network connectivity issues.
-
Check Firewall Policies: Make sure that there are no firewall policies blocking traffic from your FortiGate device to the FortiGuard servers. Review your firewall policies to ensure that traffic to the necessary destinations and ports is allowed.
-
Check Routing Configuration: Verify that the routing configuration on your FortiGate device is correct and that traffic destined for the FortiGuard servers is being routed properly. Ensure that the static routes for the FortiGuard pool are configured correctly.
-
Check DNS Resolution: Confirm that DNS resolution is working properly on your FortiGate device. You mentioned that the DNS is set to 8.8.8.8, but make sure that DNS resolution for the FortiGuard domain (
service.fortiguard.net) is resolving correctly. -
Check Time and Date Settings: Ensure that the time and date settings on your FortiGate device are accurate. SSL connections can fail if the device's clock is not synchronized with the correct time.
-
Check for Firmware Updates: Ensure that your FortiGate device is running the latest firmware version. Sometimes, firmware bugs or compatibility issues can cause connectivity problems.
-
Contact Fortinet Support: If the issue persists after performing the above steps, consider reaching out to Fortinet support for further assistance. They can provide specialized support and troubleshooting steps tailored to your specific setup.
By systematically troubleshooting these areas, you should be able to identify and resolve the connectivity issue between your FortiGate device and the FortiGuard server.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1 and 3. Routing is configured fine, but I can´t reach internet anything outside vpn,
2. Firewall policies are similar to another device without any issue
4. There is no resolution simimar reply than point #1
5. Time is set and correct
6. Is the last available free by remote from Forticloud 7.4.0
Jonathan Salas
Jonathan Salas
Related Posts
- free vpn client certificate problems 67 Views
- SSL VPN on LTE Disconnecting Frequently 88 Views
- new switch license 79 Views
- FortiGate with Grafana 100 Views
- Log messages when forwarding traffic 125 Views
Labels
-
FortiGate
6,530 -
FortiClient
1,303 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.