Comunidad FORTIGATE.es

Hola a todos, presento problemas en eun equipo 90D, en los modulos de fortiguard aparece unreacheable. Se realizan las siguiente pruebas pero sin exito.
Realizando ping a 8.8.8.8 y a yahoo.com se tiene respuesta, incluso a la pagina de service.fortiguard.com y se tiene respuesta desde el mismo fortigate.

BASHAM_QRO # diagnose debug application update -1

BASHAM_QRO # diagnose debug enable

BASHAM_QRO # execute update-now

BASHAM_QRO # upd_daemon.c[1053] upd_daemon-Received update now request
upd_daemon.c[323] do_update-Starting now UPDATE (final try)
upd_act.c[275] __upd_act_update-Trying FDS 208.91.112.68:443 with AcceptDelta=0
upd_comm.c[215] tcp_connect_fds-Proxy tunneling is disabled
upd_comm.c[524] ssl_connect_fds-Poll timeout
upd_comm.c[618] upd_comm_connect_fds-Failed SSL connect
upd_act.c[280] __upd_act_update-Failed connecting to 208.91.112.68:443
upd_act.c[275] __upd_act_update-Trying FDS 208.91.112.68:443 with AcceptDelta=1
upd_comm.c[215] tcp_connect_fds-Proxy tunneling is disabled
upd_comm.c[524] ssl_connect_fds-Poll timeout
upd_comm.c[618] upd_comm_connect_fds-Failed SSL connect
upd_act.c[280] __upd_act_update-Failed connecting to 208.91.112.68:443
upd_act.c[275] __upd_act_update-Trying FDS 208.91.112.68:443 with AcceptDelta=0
upd_comm.c[215] tcp_connect_fds-Proxy tunneling is disabled
execute upd_comm.c[524] ssl_connect_fds-Poll timeout
upd_comm.c[618] upd_comm_connect_fds-Failed SSL connect
upd_act.c[280] __upd_act_update-Failed connecting to 208.91.112.68:443
upd_daemon.c[355] do_update-UPDATE failed
208.91.112.68

command parse error before '208.91.112.68'
Command fail. Return code -61

BASHAM_QRO #
BASHAM_QRO # diag debug app update 255

BASHAM_QRO # diag debug en

BASHAM_QRO # exec update-now

BASHAM_QRO # upd_daemon.c[1053] upd_daemon-Received update now request
upd_daemon.c[323] do_update-Starting now UPDATE (final try)
upd_act.c[275] __upd_act_update-Trying FDS 208.91.112.68:443 with AcceptDelta=0
upd_comm.c[215] tcp_connect_fds-Proxy tunneling is disabled
upd_comm.c[524] ssl_connect_fds-Poll timeout
upd_comm.c[618] upd_comm_connect_fds-Failed SSL connect
upd_act.c[280] __upd_act_update-Failed connecting to 208.91.112.68:443
upd_act.c[275] __upd_act_update-Trying FDS 208.91.112.68:443 with AcceptDelta=1
upd_comm.c[215] tcp_connect_fds-Proxy tunneling is disabled
upd_comm.c[524] ssl_connect_fds-Poll timeout
upd_comm.c[618] upd_comm_connect_fds-Failed SSL connect
upd_act.c[280] __upd_act_update-Failed connecting to 208.91.112.68:443
upd_act.c[275] __upd_act_update-Trying FDS 208.91.112.68:443 with AcceptDelta=0
upd_comm.c[215] tcp_connect_fds-Proxy tunneling is disabled
upd_comm.c[524] ssl_connect_fds-Poll timeout
upd_comm.c[618] upd_comm_connect_fds-Failed SSL connect
upd_act.c[280] __upd_act_update-Failed connecting to 208.91.112.68:443
upd_daemon.c[355] do_update-UPDATE failed
upd_daemon.c[217] do_setup-Starting SETUP
upd_act.c[181] upd_act_setup-Trying FDS 96.45.33.89:443
upd_comm.c[215] tcp_connect_fds-Proxy tunneling is disabled

BASHAM_QRO # upd_comm.c[524] ssl_connect_fds-Poll timeout
upd_comm.c[618] upd_comm_connect_fds-Failed SSL connect
upd_act.c[185] upd_act_setup-Failed connecting to 96.45.33.89:443
upd_daemon.c[235] do_setup-Failed setup
upd_act.c[275] __upd_act_update-Trying FDS 96.45.33.89:443 with AcceptDelta=0
upd_comm.c[215] tcp_connect_fds-Proxy tunneling is disabled
upd_comm.c[524] ssl_connect_fds-Poll timeout
upd_comm.c[618] upd_comm_connect_fds-Failed SSL connect
upd_act.c[280] __upd_act_update-Failed connecting to 96.45.33.89:443
upd_daemon.c[987] upd_daemon-Received ring request
upd_daemon.c[1005] upd_daemon-Doing ring request because it's been too long (505188)
upd_daemon.c[448] do_ring-Starting RING
upd_act.c[275] __upd_act_update-Trying FDS 96.45.33.89:443 with AcceptDelta=0
upd_comm.c[215] tcp_connect_fds-Proxy tunneling is disabled
upd_comm.c[524] ssl_connect_fds-Poll timeout
upd_comm.c[618] upd_comm_connect_fds-Failed SSL connect
upd_act.c[280] __upd_act_update-Failed connecting to 96.45.33.89:443
upd_daemon.c[454] do_ring-Failed get license
upd_daemon.c[987] upd_daemon-Received ring request
upd_daemon.c[1012] upd_daemon-Not doing ring request because not long enough since last one (0)
upd_daemon.c[987] upd_daemon-Received ring request
upd_daemon.c[1012] upd_daemon-Not doing ring request because not long enough since last one (0)
upd_daemon.c[987] upd_daemon-Received ring request
upd_daemon.c[1012] upd_daemon-Not doing ring request because not long enough since last one (0)
upd_daemon.c[987] upd_daemon-Received ring request
upd_daemon.c[1012] upd_daemon-Not doing ring request because not long enough since last one (0)
upd_daemon.c[987] upd_daemon-Received ring request
upd_daemon.c[1012] upd_daemon-Not doing ring request because not long enough since last one (0)
upd_daemon.c[987] upd_daemon-Received ring request
upd_daemon.c[1012] upd_daemon-Not doing ring request because not long enough since last one (0)
upd_daemon.c[987] upd_daemon-Received ring request
upd_daemon.c[1012] upd_daemon-Not doing ring request because not long enough since last one (0)
upd_daemon.c[987] upd_daemon-Received ring request
upd_daemon.c[1012] upd_daemon-Not doing ring request because not long enough since last one (0)
upd_daemon.c[987] upd_daemon-Received ring request
upd_daemon.c[1012] upd_daemon-Not doing ring request because not long enough since last one (0)
upd_comm_connect_fds-Failed SSL connect
Unknown action 0

Agradecería su apoyo


Saludos

Buenas tardes amigo probastes utilizando los dns de fortinet.
En dns selecciona fortiguard o incluso puedes usar los de tu isp.

Saludos

Hola, And:
Si puse los de fortinet que tiene por default, y los del ISP y presentamos el mismo problema, al principio la realizar test en equipo fortigate en fortiguard, nos mostraba dicho error, pero después de varios días ya no marcaba error en los DNS. y aun continua sim poderse actualizar

Hola, que firmware estas usando?
el equipo esta como fw perimetral? delante de el no hay algun otro fw?

Cambiaste el port de fortiguard en vez de 53 el 8888 ?

tambien podes probar de modificar el rango de update.

revisa estos links:
[Debes identificarte para poder ver enlaces.]

[Debes identificarte para poder ver enlaces.]

[Debes identificarte para poder ver enlaces.]

Hola Gaby:

No hay ningun equipo enfrente del FW, ya se cambio al 8888, por comando se realizaron las pruebas con execute update-av, update-ips update-now y sin exito y el rango de update tambien se modifico y sin exito.

Saludos

hola, si haces diag debug rating que muestra?

saludos.

Hola :

Despues de 10 minutos no muestra nada sobre el comando diag debug rating, realize un segundo comando

B # diagnose spamfilter fortishield servers
Locale : english

The service is not enabled.

B # show system global
config system global
set admin-port 50000
set admin-sport 2080
set admin-ssh-port 100
set admintimeout 100
set fgd-alert-subscription advisory latest-threat
set gui-endpoint-control disable
set gui-multiple-utm-profiles enable
set gui-traffic-shaping disable
set gui-vulnerability-scan enable
set gui-wan-load-balancing disable
set gui-wireless-controller disable
set hostname "BASHAM_QRO"
set timezone 09
end

BASHAM_QRO # diagnose debug rating 1
Locale : english
License : Contract
Expiration : Thu Mar 2 2017

Hola Gaby Rossy la version es 5.2.7

Saludos

que tipo de enlace tenes en el equipo? directamente con ip publica?
yo creo que algo delante te esta bloqueando el trafico.

Hola Gaby Rossy:

Se realizo pruebas por medio de otro ISP y se logro la actualización sin problemas.

hola, ok perfecto.

revisa con ese proveedor algun filtro que tenga.

saludos

Hola:

Si por el momento ya están verificando esa parte con el ISP y ellos ya se encuentran haciendo pruebas.

Gracias por todo