Technical Tip: SD-WAN Bandwidth monitoring speed test shows Failed Dependency error

kkhushdeep · ‎09-04-2023

Description

This article describes that the SD-WAN Network Monitor license is used to perform the speed test for interfaces.

It should be possible to test the interface speed by selecting the execute speed test option as shown in the image:

Sometimes when selecting execute speed test it shows an error of 'Failed Dependency'.

Run the following commands for debugging:

diagnose debug reset

diagnose debug application forticldd -1
diagnose debug enable
execute speed-test-server download

From the results, it is necessary to check the IP of the server it is trying to connect. In the following sample output, the IP of the server is 154.52.6.199.

[767] ssl_ctx_create_new: SSL CTX is created
[794] ssl_new: SSL object is created
[861] ssl_set_hostname: Set hostname 'fortinet-ca2.fortinet.com'
[86] https_create: proxy server 0.0.0.0 port:0
[573] __tcps_tcp_start_connect: sockfd=13, server=154.52.6.199:443, use_harelay=0, use_proxy=0
[577] __tcps_tcp_start_connect: ret=-1
[582] __tcps_tcp_start_connect: errno=115(Operation now in progress)
[870] tcps_connect: 154.52.6.199:443 -- ret 0, state 0x0(Intialized) -> 0x11(Connecting)
Download timeout.

Scope

FortiGate, all firmware.

Solution

In this case, it is necessary to check the reachability to the FortiGuard servers by the following ping commands.

exe ping service.fortiguard.net

exe ping update.fortiguard.net

Also, try pinging the server IP from the debugs. In this case:

exe ping 154.52.6.199

Check the route for the FortiGuard servers.

Refer to the link below for FortiGuard server reachability troubleshooting:

Troubleshooting Tip: Unable to connect to FortiGuard servers.

If using SD-WAN, it is necessary to check the SD-WAN rules for FortiGuard services.

Also, in some cases where doing load balancing and using all the interfaces in the default route, try creating a static route for this server through the interface.