Hello,
Our system was set for a schedule firmware upgrade - 7.4.1 to 7.4.2.
There was a scheduled automated message about the upgrade "Automatic firmware upgrade schedule changed" which housed when and what:
date=2023-12-22 time=23:08:37 devid="xxxx" devname="FG-companyname-SC" eventtime=1703315317648109599 tz="-0800" logid="0100032263" type="event" subtype="system" level="notice" vd="root" logdesc="Automatic firmware upgrade schedule changed" user="system" msg="System patch-level auto-upgrade new image installation scheduled between local time Thu Dec 28 23:16:15 2023 and local time Fri Dec 29 01:00:00 2023."
And in our logs we have a critical event (see screenshot) where this was actioned (in line with the timing listed in the email above) and we've just had reports that the there is no wifi being served through this.
A hard reset of the fortigate seems to resolve this issue but happens everytime the system reboots itself after an update.
What I find interesting is that there is no events between the 28th and 2nd Jan.
Its worth noting that there is also a warning in the logs after this update on 28th December but unsure if connected so will mention it never the less:
Local certificate Fortinet_SSL_RSA4096 will expire in 0 days.
Is there a known issue or something specific I could search for in order to help track down what the potential issue is for this?
Hello Rrodrigues,
Sometimes it happens that the certificate is expired and admins have trouble logging into the FortiGate GUI, as many browsers do not accept expired certificate.
In order to renew an expired built-in certificate, run the following command on FortiGate CLI:
# execute vpn certificate local generate default-ssl-key-certs
A message will be prompted to confirm the re-generation of the default certificate.
"Are you sure to re-generate the default RSA, DSA, ECDSA and EdDSA key certs for ssl resign?
Do you want to continue? (y/n)y
Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Renew-Certificate-Expired-on-FortiGate/ta-...
If you are not able to access the Fortigate due to expired certificates then the Console access to the Fortigate will be able to help us find the RCA.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-deal-with-a-kernel-panic/ta-p/22680...
Kindly let us know if this helps.
So its not about the page loading and having an error show up about an expired certificate.
You cant actually connect to the IP address and it simply times out.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.