I have a FortiGate 201E running 6.4.11. On the dashboard page in System Information, the WAN IP address shown is wrong. The IP address is one I do not recognise, and a whois lookup shows Amazon as the ISP (we don't use Amazon). If I run "diag sys waninfo ipify", it returns the correct IP address for the WAN interface.
What's going on? Is this cause for concern?
The dashboard is just showing your Fortigate's public IP address as it is seen by FortiGuard Servers. This is purely informative and cannot be changed directly if your Fortigate is hidden behind NAT.
More details can be obtained in CLI with command:
diagnose sys waninfo
diag debug en
diag debug application update -1
execute update-now
Hi Habeeb, thanks for your response. The FortiGate is not behind any NAT. The IP address statically configured on its WAN interface is a public IPv4 address assigned by our ISP.
The address previously showing in the GUI was 13.248.102.166, the same as shown when running diagnose sys waninfo. After I ran the commands above, it has changed to 13.248.102.134. Looking at the diag output, it appears that when updating, it is connecting to 13.248.131.62 (this is a FortiGuard server I assume).
All of these addresses are in the same /14 owned by Amazon. Is that significant? Does Fortinet host FortiGuard servers in AWS? Could something closer to the FortiGuard server being NAT'ing the connection for some reason?
The diag output is as follows:
PQLDSDC-FW01-U1 # diagnose sys waninfo
Public/WAN IP: 13.248.102.166
Location:
Latitude: -33.868820
Longitude: 151.209305
Accuracy radius: Unknown
Time zone: Australia/Sydney
City: Sydney
Subdivisions:
0: New South Wales
Country: Australia
Postal:
Code: 1335
Continent: Oceania
Registered country: Unknown
ISP: Unknown
PQLDSDC-FW01-U1 # diag debug en
PQLDSDC-FW01-U1 # diag debug application update -1
Debug messages will be on for 30 minutes.
PQLDSDC-FW01-U1 # execute update-nowupd_daemon[1508]-Found cached action=00000040
do_check_wanip[655]-Starting getting wan ip
upd_fds_load_default_server6[1105]-Resolve fds ipv6 address failed.
upd_comm_connect_fds[458]-Trying FDS 76.223.2.16:443
[113] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[480] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[486] ssl_ctx_use_builtin_store: Enable CRL checking.
[493] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[755] ssl_ctx_create_new_ex: SSL CTX is created
[782] ssl_new: SSL object is created
[166] ssl_add_ftgd_hostname_check: Add hostname checking 'globalupdate2.fortinet.net'
[343] __ssl_crl_verify_cb: CRL not found. Depth 0
__upd_peer_vfy[333]-Server certificate OK.
__upd_peer_vfy[333]-Server certificate OK.
__upd_peer_vfy[333]-Server certificate OK.
__upd_peer_vfy[333]-Server certificate OK.
[383] __bio_mem_dump: OCSP status good
[359] __ssl_crl_verify_cb: Cert error 20, unable to get local issuer certificate. Depth 0
pack_obj[202]-Packing obj=Protocol=3.0|Command=Setup|Firmware=FG201E-FW-6.04-2030|SerialNumber=FG201ETK18902891|Connection=Internet|Address=203.149.66.162:9443|Language=en-US|TimeZone=10|UpdateMethod=1
PQLDSDC-FW01-U1 # get_fcpr_response[308]-Unpacked obj: Protocol=3.0|Response=202|Firmware=FPT033-FW-6.8-0176|SerialNumber=FPT-FGT-AWS20001|Server=FDSG|Persistent=false|PEER_IP=13.248.102.160
get_fcpr_response[348]-Wan ip=[13.248.102.160]
upd_comm_disconnect_fds[499]-Disconnecting FDS 76.223.2.16:443
[203] __ssl_data_ctx_free: Done
[1046] ssl_free: Done
[195] __ssl_cert_ctx_free: Done
[1056] ssl_ctx_free: Done
[1037] ssl_disconnect: Shutdown
upd_daemon[1782]-Received update now request
upd_daemon[1508]-Found cached action=00000002
do_update[492]-Starting now UPDATE (final try)
upd_fds_load_default_server6[1105]-Resolve fds ipv6 address failed.
upd_act_HA_contract_info[788]-ContractItem FG201ETK18902891*FG201ETK18902837
upd_comm_connect_fds[458]-Trying FDS 13.248.131.62:443
[113] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[480] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[486] ssl_ctx_use_builtin_store: Enable CRL checking.
[493] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[755] ssl_ctx_create_new_ex: SSL CTX is created
[782] ssl_new: SSL object is created
[166] ssl_add_ftgd_hostname_check: Add hostname checking 'globalupdate2.fortinet.net'
[343] __ssl_crl_verify_cb: CRL not found. Depth 0
__upd_peer_vfy[333]-Server certificate OK.
__upd_peer_vfy[333]-Server certificate OK.
__upd_peer_vfy[333]-Server certificate OK.
__upd_peer_vfy[333]-Server certificate OK.
[383] __bio_mem_dump: OCSP status good
[359] __ssl_crl_verify_cb: Cert error 20, unable to get local issuer certificate. Depth 0
upd_pkg_create_update_req[711]-Update comp 0x410
pack_obj[202]-Packing obj=Protocol=3.2|Command=Update|Firmware=FG201E-FW-6.04-2030|SerialNumber=FG201ETK18902891|UpdateMethod=0|AcceptDelta=0|ContractItem=FG201ETK18902891*FG201ETK18902837|DataItem=01000000FSCI00100-00000.00000-0000000000
get_fcpr_response[308]-Unpacked obj: Protocol=3.2|Response=204|Firmware=FPT033-FW-6.8-0176|SerialNumber=FPT-FGT-AWS20001|Server=FDSG|Persistent=false|PEER_IP=13.248.102.132|ResponseItem=01000000FSCI00100:200*03001000FSSI00000:200
get_fcpr_response[348]-Wan ip=[13.248.102.132]
doInstallUpdatePackage[1007]-Full obj found for FSCI000
doInstallUpdatePackage[1017]-Updating obj FSCI
installUpdateObject[342]-Step 1:Unpack obj 10, Total=1, cur=0
installUpdateObject[371]-Step 2:Prepare temp file for obj 10
installUpdObjRest[615]-Step 3:Signal parent not to respawn
installUpdObjRest[625]-Step 4:Kill daemon(s)
installUpdObjRest[657]-Step 5:Backup /etc/sci.dat->/tmp/update.backup
installUpdObjRest[671]-Step 6:Copy new object /tmp/updx5MYj1->/etc/sci.dat
installUpdObjRest[729]-Step 7:Validate object
installUpdObjRest[753]-Step 8:Re-initialize using new obj file
upd_status_extract_contract_info[1219]-Extracting contract...(SerialNumber=FG201ETK18902891|Contract=AVDB-1-06-20230809:0:1:1:0*AVEN-1-06-20230809:0:1:1:0*NIDS-1-06-20230809:0:1:1:0*SPRT-1-20-20230809:0:1:1:0*FMWR-1-06-20230809:0:1:1:0*FRVS-1-06-20230809:0:1:1:0*FURL-1-06-20230809:0:1:1:0*HDWR-1-05-20230809:0:1:1:0*SPAM-1-06-20230809:0:1:1:0*ZHVO-1-06-20230809:0:1:1:0*ENHN-1-20-20230809:0:1:1:0*COMP-1-20-20230809:0:1:1:0|AccountID=vendorsupport@feroscare.com.au|Industry=Healthcare|Company=Feros Care|UserID=828737|)
update_status_obj[679]-AVDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-AVDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-ETDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-EXDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-MMDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-FLDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-DBDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-AVEN contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-NIDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-NIET contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-MUDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-NIEN contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-CFGS contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-SPRT contract expiry=Wed Aug 9 10:00:00 2023
level(20) alert(0)
update_status_obj[679]-FMWR contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-APDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-CIDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-UWDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-FRVS contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-FURL contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-MCDB contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-HDWR contract expiry=Wed Aug 9 10:00:00 2023
level(5) alert(0)
update_status_obj[679]-SPAM contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-ZHVO contract expiry=Wed Aug 9 10:00:00 2023
level(6) alert(0)
update_status_obj[679]-ENHN contract expiry=Wed Aug 9 10:00:00 2023
level(20) alert(0)
update_status_obj[679]-COMP contract expiry=Wed Aug 9 10:00:00 2023
level(20) alert(0)
upd_status_extract_contract_info[1219]-Extracting contract...(SupportLevelDesc=05:Advanced HW*06:Web/Online*20:Premium)
upd_status_extract_contract_info[1219]-Extracting contract...(SupportTypeDesc=AVDB:Advanced Malware Protection*COMP:*ENHN:*FMWR:Firmware & General Updates*FRVS:Vulnerability Management*FURL:Web & Video Filtering*HDWR:Hardware*NIDS:NGFW*SPAM:AntiSpam*SPRT:*ZHVO:FortiGuard Virus Outbreak Protection Service)
upd_status_extract_contract_info[1268]-pending registration(255) support acct(vendorsupport@feroscare.com.au) company(Feros Care) industry(Healthcare)
installUpdObjRest[765]-Step 9:Delete backup /tmp/update.backup
installUpdObjRest[787]-Step 10:Tell parent to respawn
doInstallUpdatePackage[1007]-Full obj found for FSSI000
doInstallUpdatePackage[1017]-Updating obj FSSI
installUpdateObject[342]-Step 1:Unpack obj 12, Total=1, cur=0
installUpdateObject[371]-Step 2:Prepare temp file for obj 12
installUpdObjRest[615]-Step 3:Signal parent not to respawn
installUpdObjRest[625]-Step 4:Kill daemon(s)
installUpdObjRest[657]-Step 5:Backup /etc/fssi.dat->/tmp/update.backup
installUpdObjRest[671]-Step 6:Copy new object /tmp/updCYbUdi->/etc/fssi.dat
installUpdObjRest[729]-Step 7:Validate object
installUpdObjRest[753]-Step 8:Re-initialize using new obj file
installUpdObjRest[765]-Step 9:Delete backup /tmp/update.backup
installUpdObjRest[787]-Step 10:Tell parent to respawn
upd_install_pkg[1395]-FSCI000 installed successfully
upd_install_pkg[1395]-FSSI000 installed successfully
upd_status_save_status[144]-try to save on status file
upd_status_save_status[210]-Wrote status file
__upd_act_update[357]-Package installed successfully
upd_comm_disconnect_fds[499]-Disconnecting FDS 13.248.131.62:443
[203] __ssl_data_ctx_free: Done
[1046] ssl_free: Done
[195] __ssl_cert_ctx_free: Done
[1056] ssl_ctx_free: Done
[1037] ssl_disconnect: Shutdown
upd_status_set_ha_expiry[1426]-Extracting contract...(SerialNumber=FG201ETK18902891|Contract=AVDB-1-06-20230809:0:1:1:0*AVEN-1-06-20230809:0:1:1:0*COMP-1-20-20230809:0:1:1:0*ENHN-1-20-20230809:0:1:1:0*FMWR-1-06-20230809:0:1:1:0*FRVS-1-06-20230809:0:1:1:0*FURL-1-06-20230809:0:1:1:0*HDWR-1-05-20230809:0:1:1:0*NIDS-1-06-20230809:0:1:1:0*SPAM-1-06-20230809:0:1:1:0*SPRT-1-20-20230809:0:1:1:0*ZHVO-1-06-20230809:0:1:1:0|AccountID=vendorsupport@feroscare.com.au|Industry=Healthcare|Company=Feros Care|UserID=828737)
PQLDSDC-FW01-U1 # diagnose sys waninfo
Public/WAN IP: 13.248.102.134
Location:
Latitude: -33.868820
Longitude: 151.209305
Accuracy radius: Unknown
Time zone: Australia/Sydney
City: Sydney
Subdivisions:
0: New South Wales
Country: Australia
Postal:
Code: 1335
Continent: Oceania
Registered country: Unknown
ISP: Unknown
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.