Setting up FortiGuard services

If you have purchased FortiGuard services and registered your FortiGate, it should automatically connect to FortiGuard and display license information about your services. In this example, you will verify whether the FortiGate unit is communicating with FortiGuard. If the FortiGate cannot connect, you will troubleshoot the connection.

Find this recipe for other FortiOS versions
5.2 | 5.4

1. Verifying the connection

Go to the Dashboard and find the License Information widget.

An icon appears beside each FortiGuard service, indicating its current status:

  •  : the service is active and the FortiGate is connected to FortiGuard network.
  • : the FortiGate unit cannot connect to FortiGuard network or the FortiGate unit is not registered.
  • : the subscription has not been activated or is expired. To add/renew a subscription, go to Fortinet Support.
 
You can also view FortiGuard license information by going to System > FortiGuard.  

2. Troubleshooting communication errors

If a service that you subscribe to is shown as unavailable, there are several things you can do to troubleshoot the connection.

Go to Network > DNS and ensure that the primary and secondary DNS servers are correct and the FortiGate is Connected to FortiGuard.  

To test if your DNS can reach FortiGuard, go to the Dashboard and enter the following command into the CLI Console:

execute ping guard.fortinet.net

If the connection is successful, the CLI Console should display a similar output as the example below:

PING guard.fortinet.net (208.91.112.198): 56 data bytes
64 bytes from 208.91.112.198: icmp_seq=0 ttl=59 time=60.0 ms
64 bytes from 208.91.112.198: icmp_seq=1 ttl=59 time=50.0 ms
64 bytes from 208.91.112.198: icmp_seq=2 ttl=59 time=50.0 ms
64 bytes from 208.91.112.198: icmp_seq=3 ttl=59 time=50.0 ms
64 bytes from 208.91.112.198: icmp_seq=4 ttl=59 time=50.0 ms

--- guard.fortinet.net ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 50.0/52.0/60.0 ms

To test if the FortiGuard services are reachable, go to System > FortiGuard.

Under Filtering, check Filtering Services Availability. If you don’t see a , select Check Again.

 

If FortiGuard services can still not be reached, your ISP may be blocking access to port 53 (used for DNS). Change the FortiGuard Filtering Port to the alternate port (8888). Select Apply and see if the services become available.

If your FortiGate is still unable to connect to FortiGuard, you can find more troubleshooting methods and other information in the FortiGuard section of the FortiOS 5.4 Handbook.

3. Results

Go to the Dashboard and view the License Information widget. Any subscribed services should have a beside it.  
Go to System > FortiGuard. Features and services you are subscribed to should have a beside it.  

For further reading, check out FortiGuard in the FortiOS 5.4 Handbook.

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

Share this recipe:

Facebooktwittergoogle_pluslinkedin
Only services that have been enabled in Feature Select will appear in the widget. To enable more services, go to System > Feature Select.
For information about registering your FortiGate, see the recipe FortiGate registration and basic settings.
If you are updating FortiGuard using a FortiManager, the FortiGuard Filtering Port can also be 80.

Leave a comment:

Before commenting, please read the site's comment policy. Only questions related to documentation will be answered. For other concerns, please contact Fortinet support.