Downloaded FortiGate 7.2.2 for my virtual lab and for the life of me could not get the evaluation version to register. First it was giving me a DNS resolve error. I resolved that error; now I am getting "Curl Forticare failed,7 time out." On the GUI I am getting the error "error communicating with forticare". I am using VMware Workstation 16 Pro.
Hi @kps-Encrypt
You may want to check if your virtual lab is able to access the Internet. For FortiGate VM, it is mandatory to validate the license with FortiGuard servers. You can check if your VM is resolving the following domains correctly:
exec ping forticare.fortinet.com
exec ping service.fortiguard.net
exec ping update.fortiguard.net
To check the debug, you can run the following:
diagnose debug reset
diagnose debug application update -1
diagnose debug enable
fnsysctl killall updated
execute update-now
Created on 12-23-2022 07:37 AM Edited on 12-23-2022 07:42 AM
I have the exact same problem. I have claimed it once before though but I accidentally deleted that VM some time ago. Now I can't seem to use the trial license on another VM. Is it not possible to use the new permanent trial license on a different VM? Not on two at the same time.
I tried all your steps, FG-VM is resolving and can reach all three domains.
fnsysctl killall updated did not work, just get "unknown action 0"
I also tried to decommission the unit on the FortiCloud asset management, but that didn't help either.
Hi @Reyne
You can use the trial license on another VM. At this point of time, I couldn't visualize your issue. Can you run the provided commands and paste the output here for further evaluation?
Created on 01-04-2023 01:09 AM Edited on 01-04-2023 01:12 AM
Hi, @kcheng
Thanks for your reply!
The only output I get from those commands is:
diagnose debug application update -1 - "Debug messages will be on for 30 minutes"
fnsysctl killall updated - "Unknown action 0"
execute update-now - "upd_daemon[1844]-Recevied update request from pid=171".
5 minutes later the VM will timeout and nothing else happens.
In the GUI I just get "Error downloading license: Error communicating with FortiCare"
I am providing the correct email and password.
VM does resolve to all 3 above domains with no problem when pinging them.
It's funny because I have already managed to do this once with the same setup but this second time it just refuses to work.
Hi @Reyne
You may want to try this:
Also, ensure that there is no upstream performing certificate inspection on your upstream.
Hi Kayzie,
I also encountered something related to this issue.
Below is the debug information after I have followed the steps.
FortiGate-VM64-KVM # Requesting FortiCare Trial license, proxy:(null)
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
do_setup[344]-Starting SETUP
upd_fds_load_default_server[920]-Addr=[208.184.237.66], weight=1383962510
upd_fds_load_default_server[920]-Addr=[12.34.97.16], weight=1746293898
upd_fds_load_default_server[939]-Resolve and add fds usupdate.fortiguard.net ip address OK.
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
Timeout
Please kindly assist me. Thank you
Regards,
Temjin
Hi Temjin,
In your case, the connection to FortiGuard failed on SSL connect. This would require further investigation by checking on Wireshark. I would suggest that you log a case via our support portal so that this can be investigated via a remote session.
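Added example (not part of any forum reply, and not Fortinet code): a small Python triage script for the update-daemon debug output pasted above, reporting whether the logged failure is at DNS resolution or at the SSL connect step. The function names and stage labels are assumptions made for this example; the log patterns are taken from the lines posted in this thread.

```python
import re

# Sample assembled from lines in the debug output posted in this thread.
SAMPLE = """\
upd_fds_load_default_server[939]-Resolve and add fds usupdate.fortiguard.net ip address OK.
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
ssl_connect_fds[407]-Poll timeout
upd_comm_connect_fds[478]-Failed SSL connect
"""

RESOLVE = re.compile(r"Resolve and add fds (\S+) (ip|ipv6) address (OK|failed)")
TRYING = re.compile(r"Trying FDS (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
HOSTCHK = re.compile(r"Add hostname checking '([^']+)'")


def triage(log_text):
    """Return (dns, attempts): DNS result per (host, family), one dict per connect attempt."""
    dns, attempts, current = {}, [], None
    for line in log_text.splitlines():
        if m := RESOLVE.search(line):
            dns[(m.group(1), m.group(2))] = m.group(3) == "OK"
        elif m := TRYING.search(line):
            current = {"ip": m.group(1), "port": int(m.group(2)),
                       "hostname_check": None, "poll_timeout": False, "ssl_failed": False}
            attempts.append(current)
        elif current is None:
            continue  # paste started mid-attempt: ignore lines with no owning "Trying FDS"
        elif m := HOSTCHK.search(line):
            current["hostname_check"] = m.group(1)
        elif "Poll timeout" in line:
            current["poll_timeout"] = True
        elif "Failed SSL connect" in line:
            current["ssl_failed"] = True
    return dns, attempts


def failing_stage(dns, attempts):
    """Name the stage the log shows failing: 'dns', 'ssl_connect', or None if neither."""
    v4 = [ok for (_, family), ok in dns.items() if family == "ip"]
    if v4 and not any(v4):
        return "dns"
    if attempts and all(a["poll_timeout"] or a["ssl_failed"] for a in attempts):
        return "ssl_connect"
    return None


if __name__ == "__main__":
    print(failing_stage(*triage(SAMPLE)))
```

A result of "ssl_connect" with IPv4 resolution logged as OK matches the pattern in this thread: names resolve and pings succeed, but the connection to port 443 never completes, so the next place to look is the path between the VM and the FortiGuard address rather than DNS.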
Thank you for your help it is resolved now.
Hi @kps-Encrypt
Glad that the issue has been resolved. It will be much appreciated if you can mark this thread as solved to help the other community members as well.