FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
FortiOS has a feature to send attack characteristics to FortiGuard in order to maintain and improve the IPS signature quality. The information is sent to the FortiGuard servers when an attack occurs and can be used to keep the database current as variants of attacks evolve.
This feature can be activated:
In the GUI: System > Config > FortiGuard - "AV&IPS Download Options" section - "Submit attack characteristics to FortiGuard Service Network to help improve IPS signature quality (recommended)"
In the CLI: config ips global > set traffic-submit enable
The default value of this option changed from disable to enable, starting from FortiOS v5.2.4.
If the FortiGate is configured to send the attack characteristics to the FortiGuard servers, but cannot resolve the URL "fortinetipssubmit.com", then a log stating "Can't resolve the IP address of fortinetipssubmit.com" is generated.
Solution
Two solutions exist to resolve this issue and stop receiving this log.
If the FortiGate has Internet connectivity and the attack characteristics are to be submitted to FortiGuard Service Network, verify the DNS settings by going to System > Network > DNS
If the connectivity to FortiGuard is established, it should be possible to ping fortinetipssubmit.com
# exec ping fortinetipssubmit.com PING fortinetipssubmit.com (208.91.113.110): 56 data bytes 64 bytes from 208.91.113.110: icmp_seq=0 ttl=42 time=164.8 ms
If the FortiGate does not have Internet connectivity and it is not required to submit the attack characteristics to FortiGuard Service Network, disable this feature from the GUI or CLI as explained above.
