ahameed
Staff
Article Id 191380

Description

 

This article describes how to handle an internal server error that occurs when activating the FortiCloud account on FortiGate. The error is mostly encountered when the FortiGate is either unable to resolve host names or unable to reach the FortiGuard services.



Scope

 

Activating cloud-based logging and reporting on FortiGate.


Solution

 

Verify if FortiGate can resolve the host names and reach the FortiGuard servers.

 

  1. Open the CLI of the FortiGate and run the following commands.

 

execute ping-options source <ip address of the wan interface>

 

Then ping the FortiGuard service:

 

execute ping service.fortiguard.net

Unable to resolve hostname.

 

  2. Go to Network -> DNS, change the DNS server to 'Use FortiGuard Servers', and apply.
  3. Repeat step (1).

 

execute ping service.fortiguard.net

PING guard.fortinet.net (208.91.112.194): 56 data bytes

64 bytes from 208.91.112.194: icmp_seq=0 ttl=55 time=247.3 ms

64 bytes from 208.91.112.194: icmp_seq=1 ttl=55 time=246.1 ms

64 bytes from 208.91.112.194: icmp_seq=2 ttl=55 time=246.5 ms

64 bytes from 208.91.112.194: icmp_seq=3 ttl=55 time=251.4 ms

64 bytes from 208.91.112.194: icmp_seq=4 ttl=55 time=245.8 ms

 

If the FortiGate still cannot reach service.fortiguard.net, proceed to step 4.

 

  4. Set the source IP address to the IP address of the WAN interface. If multiple WAN interfaces are used, use the one that works with the command in step (1).

 

config system fortiguard

set source-ip <IP address of the WAN interface that can reach service.fortiguard.net>

end

 

Setting the source IP will not force traffic to use that interface. FortiGate will follow the routing table.

In FortiOS v6.2.4 and above, users can choose the interface manually for FortiGate's self-generated traffic:

 

config system fortiguard

set interface-select-method specify 

set interface <interface> 

end

  

  5. Verify step (1). If successful, attempt to activate the FortiCloud account again.

  6. If the issue persists, configure the FortiGuard log setting with the same source IP configuration as in step 4, then try to activate the account again.

config log fortiguard setting

set source-ip <IP address of the WAN interface that can reach service.fortiguard.net>

end