Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kps-Encrypt
New Contributor

Not able to register FortiGate 7.2.2 evaluation with Forti care

Downloaded Forigate 7.2.2 for my virtual lab and for life of me could not get the evaluation version register. First it was giving me DNS resolve error. I resolved that error now I am, getting " Curl Forticare failed,7 time out." on Gui I am getting error " error communicating with forticare ". I am using WMware workstation 16 Pro.

16 REPLIES 16
kcheng
Staff
Staff

Hi @kps-Encrypt 

 

You may want to check if your virtual lab is able to access the Internet. For FortiGate VM, it is mandatory to validate the license with fortiGuard servers. You can check if your VM is resolving the following domain correctly:

exec ping forticare.fortinet.com

exec ping service.fortiguard.net

exec ping update.fortiguard.net

 

To check the debug, you can run the following:

diagnose debug reset
diagnose debug application update -1
diagnose debug enable
fnsysctl killall updated
execute update-now

 

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
Reyne
New Contributor

I have the exact same problem. I have claimed it once before though but I accidently deleted that VM some time ago. Now I can't seem to use the trial license on another VM. Is it not possible to use the new permament trial license on a different VM? Not on two at the same time.

 

I tried all your steps, FG-VM is resolving and can reach all three domains.

fnsysctl killall updated did not work, just get "unknown action 0"

 

I also tried to decomission the unit on the FortiCloud asset management, but didn't help either.

kcheng

Hi @Reyne 

 

You can use the trial license on another VM. At this point of time, I couldn't visualize your issue. Can you run the provided commands and paste the output here for further evaluation?

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
Reyne
New Contributor

Hi, @kcheng

 

Thanks for your reply!

 

The only output I get from those commands are:

diagnose debug application update -1 - "Debug messages will be on for 30 minutes"

fnsysctl killall updated - "Unknown action 0"

execute update-now - "upd_daemon[1844]-Recevied update request from pid=171".

5 minutes later the VM will timeout and nothing else happens.

 

In the GUI i just get "Error downloading license: Error communicating with FortiCare"

I am providing the correct email and password.

 

VM does resolve to all 3 above domains with no problem when pinging them.

 

It's funny because I have already manage to do this once with the same setup but this second time it just refuses to work.

kcheng

Hi @Reyne 

 

You may want to try this:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Getting-license-invalid-error-when/t...

 

Also, ensure that there is no upstream performing certificate inspection on your upstream.

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
TemjinLeow

Hi Kayzie,

I also encountered something related to this issue.

Below is the debug information after I have followed the steps.

 

FortiGate-VM64-KVM # Requesting FortiCare Trial license, proxy:(null)
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
do_setup[344]-Starting SETUP
upd_fds_load_default_server[920]-Addr=[208.184.237.66], weight=1383962510
upd_fds_load_default_server[920]-Addr=[12.34.97.16], weight=1746293898
upd_fds_load_default_server[939]-Resolve and add fds usupdate.fortiguard.net ip address OK.
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
Timeout

 

Please kindly assist me. Thank you 


Regards,

Temjin

kcheng

Hi Temjin,

 

In your case, the connection to FortiGuard failed on SSL connect. This would require further investigation by checking on the wireshark. I would suggest that you log a case via our support portal so that this can be investigated via a remote session.

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
kps-Encrypt
New Contributor

Thank you for your help it is resolved now.

kcheng

Hi @kps-Encrypt 

 

Glad that the issue has been resolved. It will much appreciated if you can mark this thread as solved to help the other community members as well.

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
Labels
Top Kudoed Authors