Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

Created on ‎10-10-2023 02:31 AM Edited on ‎02-26-2024 06:52 AM By Community Manager

Unable to connect to fortiguard servers

Good morning friends, a question.

Could you please help me with this query, because that message appears "Unable to connect to fortiguard servers"

In firewall v7.0.12 we are using the DNS of the ISP provider and no drops are observed. There is no latency

The licenses are in UP and expire in 2024.

 

What could be happening? thanks for your comments

 

10.jpgScreenshot_4.jpg

Labels:
1600
0 Kudos
2 Solutions
Satory
New Contributor III

Created on ‎10-10-2023 02:44 AM

You may try disabling anycast and use pure DNS:

config system fortiguard
  set fortiguard-anycast disable
  set port 53
  set source-ip x.x.x.x
end

View solution in original post

1592
0 Kudos
hbac
Staff
Staff

Created on ‎10-12-2023 07:39 AM

Hi @unknown1020,

 

Are you able to ping update.fortiguard.net by running "execute ping update.fortiguard.net" in the CLI? You can try to make the following changes and see if it helps: 

 

config system fortiguard
set fortiguard-anycast disable
set sdns-server-ip 208.91.112.220
end

 

Regards, 

View solution in original post

1503
0 Kudos
5 REPLIES 5
Satory
New Contributor III

Created on ‎10-10-2023 02:44 AM

You may try disabling anycast and use pure DNS:

config system fortiguard
  set fortiguard-anycast disable
  set port 53
  set source-ip x.x.x.x
end

1593
0 Kudos
pavankr5
Staff
Staff

Created on ‎10-12-2023 12:12 AM

Hello @unknown1020 

 Unable to connect to FortiGuard servers 
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-connect-to-FortiGuard-serv...

Thanks,

Pavan

1520
0 Kudos
smayank
Staff
Staff

Created on ‎10-12-2023 04:37 AM

Hello 

Fortiguard could be ureachable when it sends queries from lowest index interface

There are method to add interface in fortiguard settings.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Functionality-of-set-interface-select-meth...

Please check by taking snifferes if quries going towards fortiguard server is going with some random IP.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Functionality-of-set-interface-select-meth...
Thanks & Regards 
Mayank Sharma

1511
0 Kudos
hbac
Staff
Staff

Created on ‎10-12-2023 07:39 AM

Hi @unknown1020,

 

Are you able to ping update.fortiguard.net by running "execute ping update.fortiguard.net" in the CLI? You can try to make the following changes and see if it helps: 

 

config system fortiguard
set fortiguard-anycast disable
set sdns-server-ip 208.91.112.220
end

 

Regards, 

1504
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.