Here's a Fortinet link on troubleshooting FortiGuard server connectivity over the Internet. I was configuring a new FortiGate firewall in Multiple VDOM mode, but I couldn't ping or perform a license update to the FortiGuard server (a cloud service over the Internet).
FGT # config vdom
FGT (vdom) # edit root
current vf=root:0
FGT (root) # execute ping update.fortiguard.net
Unable to resolve hostname.
By default, the FortiGate uses the FortiGuard public DNS servers 96.45.45.45 and 96.45.46.46. To change the DNS server settings, go to Network > DNS > select Specify > type a usable public DNS server IP (Google DNS 8.8.8.8 or your private DNS server) > enable/toggle DNS (UDP/53) > click Apply. After the DNS change, the FortiGuard hostnames resolve and respond to ping:
FGT (root) # execute ping service.fortiguard.net
PING guard.fortinet.net (208.184.237.61): 56 data bytes
64 bytes from 208.184.237.61: icmp_seq=0 ttl=47 time=255.0 ms
64 bytes from 208.184.237.61: icmp_seq=1 ttl=47 time=254.7 ms
64 bytes from 208.184.237.61: icmp_seq=2 ttl=47 time=254.7 ms
64 bytes from 208.184.237.61: icmp_seq=3 ttl=47 time=254.7 ms
64 bytes from 208.184.237.61: icmp_seq=4 ttl=47 time=254.7 ms
--- guard.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 254.7/254.7/255.0 ms
FGT (root) # execute ping update.fortiguard.net
PING fds1.fortinet.com (12.34.97.16): 56 data bytes
64 bytes from 12.34.97.16: icmp_seq=0 ttl=46 time=332.9 ms
64 bytes from 12.34.97.16: icmp_seq=1 ttl=46 time=333.5 ms
64 bytes from 12.34.97.16: icmp_seq=2 ttl=46 time=333.4 ms
64 bytes from 12.34.97.16: icmp_seq=3 ttl=46 time=333.5 ms
64 bytes from 12.34.97.16: icmp_seq=4 ttl=46 time=337.0 ms
--- fds1.fortinet.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 332.9/334.0/337.0 ms
FGT (root) # execute ping guard.fortinet.net
PING guard.fortinet.net (208.184.237.61): 56 data bytes
64 bytes from 208.184.237.61: icmp_seq=0 ttl=47 time=254.9 ms
64 bytes from 208.184.237.61: icmp_seq=1 ttl=47 time=254.6 ms
64 bytes from 208.184.237.61: icmp_seq=2 ttl=47 time=254.5 ms
64 bytes from 208.184.237.61: icmp_seq=3 ttl=47 time=254.5 ms
64 bytes from 208.184.237.61: icmp_seq=4 ttl=47 time=254.5 ms
--- guard.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 254.5/254.6/254.9 ms
The FortiCare (support and warranty) and Next Generation Firewall licenses (Intrusion Prevention, Antivirus and Web filtering) were updated/enabled after a few minutes.
The Internet Service Database (ISDB) objects were updated as well. You can view these under Policy & Objects > Internet Service Database.
The ISDB is a comprehensive list of public IP addresses (geolocation-based), service/port numbers, reputation and popularity (Facebook, Amazon, Microsoft, etc.) that can be used when creating a firewall policy or security profile (Antivirus, Web filter, Application Control, etc.) on a FortiGate firewall.
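As an added example (not from the original post or from Fortinet), the Python below parses `execute ping` transcripts in the format shown above and separates a name-resolution failure, which the DNS setting addresses, from packet loss to a host that did resolve. The function name, the status labels and the 100% loss entry in the sample are assumptions constructed for illustration.

```python
import re

# Constructed sample in the `execute ping` format shown above; the last
# entry (100% loss) is made up to show the "resolved but unreachable" case.
SAMPLE = """\
FGT (root) # execute ping update.fortiguard.net
Unable to resolve hostname.
FGT (root) # execute ping update.fortiguard.net
PING fds1.fortinet.com (12.34.97.16): 56 data bytes
64 bytes from 12.34.97.16: icmp_seq=0 ttl=46 time=332.9 ms
--- fds1.fortinet.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 332.9/334.0/337.0 ms
FGT (root) # execute ping guard.fortinet.net
PING guard.fortinet.net (208.184.237.61): 56 data bytes
--- guard.fortinet.net ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
"""

CMD = re.compile(r"^\S+ \((?P<vdom>[^)]+)\) # execute ping (?P<target>\S+)\s*$")
PING = re.compile(r"^PING (?P<name>\S+) \((?P<ip>[\d.]+)\)")
STATS = re.compile(r"(?P<tx>\d+) packets transmitted, (?P<rx>\d+) packets received")

def parse_pings(transcript):
    """Return one dict per `execute ping` command with a status of
    dns_failure, unreachable, degraded, ok, or no_output."""
    results, cur = [], None
    for line in transcript.splitlines():
        m = CMD.match(line)
        if m:  # a new command starts a new record
            cur = dict(m.groupdict(), status="no_output",
                       resolved=None, ip=None, loss_pct=None)
            results.append(cur)
        elif cur is None:
            continue  # output before any command: ignore
        elif line.startswith("Unable to resolve hostname"):
            cur["status"] = "dns_failure"  # never got as far as sending ICMP
        elif (m := PING.match(line)):
            # The name in the PING line can differ from the one typed (alias).
            cur["resolved"], cur["ip"] = m["name"], m["ip"]
        elif (m := STATS.search(line)):
            tx, rx = int(m["tx"]), int(m["rx"])
            cur["loss_pct"] = 100 * (tx - rx) // tx if tx else 100
            cur["status"] = ("ok" if rx == tx and tx
                             else "unreachable" if rx == 0 else "degraded")
    return results

if __name__ == "__main__":
    for r in parse_pings(SAMPLE):
        print(r["vdom"], r["target"], r["status"], r["resolved"], r["loss_pct"])
```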