Fortinet black logo

Cookbook

Setting up FortiGuard services

Copy Link
Copy Doc ID 598118ae-ea1f-11e9-8977-00505692583a:598721
Download PDF

Setting up FortiGuard services

If you have purchased FortiGuard services and registered your FortiGate, it should automatically connect to FortiGuard and display license information about your services. In this example, you will verify whether the FortiGate unit is communicating with FortiGuard. If the FortiGate cannot connect, you will troubleshoot the connection.

1. Verifying the connection

Go to the Dashboard and find the License Information widget.

An icon appears beside each FortiGuard service, indicating its current status. Only services that have been enabled in Feature Select will appear in the widget. To enable more services, go to System > Feature Select.

  • : the service is active and the FortiGate is connected to FortiGuard network.
  • : the FortiGate unit cannot connect to FortiGuard network or the FortiGate unit is not registered. For information about registering your FortiGate, see the recipe FortiGate registration and basic settings.
  • : the subscription has not been activated or is expired. To add/renew a subscription, go to Fortinet Support.

You can also view FortiGuard license information by going to System > FortiGuard.

2. Troubleshooting communication errors

If a service that you subscribe to is shown as unavailable, there are several things you can do to troubleshoot the connection.

Go to Network > DNS and ensure that the primary and secondary DNS servers are correct and the FortiGate is Connected to FortiGuard.

To test if your DNS can reach FortiGuard, go to the Dashboard and enter the following command into the CLI Console:

execute ping guard.fortinet.net

If the connection is successful, the CLI Console should display a similar output as the example below:

PING guard.fortinet.net (208.91.112.198): 56 data bytes
64 bytes from 208.91.112.198: icmp_seq=0 ttl=59 time=60.0 ms
64 bytes from 208.91.112.198: icmp_seq=1 ttl=59 time=50.0 ms
64 bytes from 208.91.112.198: icmp_seq=2 ttl=59 time=50.0 ms
64 bytes from 208.91.112.198: icmp_seq=3 ttl=59 time=50.0 ms
64 bytes from 208.91.112.198: icmp_seq=4 ttl=59 time=50.0 ms
--- guard.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 50.0/52.0/60.0 ms

To test if the FortiGuard services are reachable, go to System > FortiGuard.

Under Filtering, check Filtering Services Availability. If you don't see a , select Check Again.

If FortiGuard services can still not be reached, your ISP may be blocking access to port 53 (used for DNS). Change the FortiGuard Filtering Port to the alternate port (8888). Select Apply and see if the services become available. If you are updating FortiGuard using a FortiManager, the FortiGuard Filtering Port can also be 80.

If your FortiGate is still unable to connect to FortiGuard, you can find more troubleshooting methods and other information in the FortiGuard section of the FortiOS 5.4 Handbook.

3. Results

Go to the Dashboard and view the License Information widget. Any subscribed services should have a beside it.

Go to System > FortiGuard. Features and services you are subscribed to should have a beside it.

For further reading, check out FortiGuard in the FortiOS 5.4 Handbook.

Setting up FortiGuard services

If you have purchased FortiGuard services and registered your FortiGate, it should automatically connect to FortiGuard and display license information about your services. In this example, you will verify whether the FortiGate unit is communicating with FortiGuard. If the FortiGate cannot connect, you will troubleshoot the connection.

1. Verifying the connection

Go to the Dashboard and find the License Information widget.

An icon appears beside each FortiGuard service, indicating its current status. Only services that have been enabled in Feature Select will appear in the widget. To enable more services, go to System > Feature Select.

  • : the service is active and the FortiGate is connected to FortiGuard network.
  • : the FortiGate unit cannot connect to FortiGuard network or the FortiGate unit is not registered. For information about registering your FortiGate, see the recipe FortiGate registration and basic settings.
  • : the subscription has not been activated or is expired. To add/renew a subscription, go to Fortinet Support.

You can also view FortiGuard license information by going to System > FortiGuard.

2. Troubleshooting communication errors

If a service that you subscribe to is shown as unavailable, there are several things you can do to troubleshoot the connection.

Go to Network > DNS and ensure that the primary and secondary DNS servers are correct and the FortiGate is Connected to FortiGuard.

To test if your DNS can reach FortiGuard, go to the Dashboard and enter the following command into the CLI Console:

execute ping guard.fortinet.net

If the connection is successful, the CLI Console should display a similar output as the example below:

PING guard.fortinet.net (208.91.112.198): 56 data bytes
64 bytes from 208.91.112.198: icmp_seq=0 ttl=59 time=60.0 ms
64 bytes from 208.91.112.198: icmp_seq=1 ttl=59 time=50.0 ms
64 bytes from 208.91.112.198: icmp_seq=2 ttl=59 time=50.0 ms
64 bytes from 208.91.112.198: icmp_seq=3 ttl=59 time=50.0 ms
64 bytes from 208.91.112.198: icmp_seq=4 ttl=59 time=50.0 ms
--- guard.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 50.0/52.0/60.0 ms

To test if the FortiGuard services are reachable, go to System > FortiGuard.

Under Filtering, check Filtering Services Availability. If you don't see a , select Check Again.

If FortiGuard services can still not be reached, your ISP may be blocking access to port 53 (used for DNS). Change the FortiGuard Filtering Port to the alternate port (8888). Select Apply and see if the services become available. If you are updating FortiGuard using a FortiManager, the FortiGuard Filtering Port can also be 80.

If your FortiGate is still unable to connect to FortiGuard, you can find more troubleshooting methods and other information in the FortiGuard section of the FortiOS 5.4 Handbook.

3. Results

Go to the Dashboard and view the License Information widget. Any subscribed services should have a beside it.

Go to System > FortiGuard. Features and services you are subscribed to should have a beside it.

For further reading, check out FortiGuard in the FortiOS 5.4 Handbook.