If you have purchased FortiGuard services and registered your FortiGate, it should automatically connect to FortiGuard and display license information about your services. In this example, you will verify whether the FortiGate unit is communicating with FortiGuard. If the FortiGate cannot connect, you will troubleshoot the connection.
Go to the Dashboard and find the License Information widget.
An icon appears beside each FortiGuard service, indicating its current status. Only services that have been enabled in Feature Select will appear in the widget. To enable more services, go to System > Feature Select.
- : the service is active and the FortiGate is connected to FortiGuard network.
- : the FortiGate unit cannot connect to FortiGuard network or the FortiGate unit is not registered. For information about registering your FortiGate, see the recipe FortiGate registration and basic settings.
- : the subscription has not been activated or is expired. To add/renew a subscription, go to Fortinet Support.
You can also view FortiGuard license information by going to System > FortiGuard.
If a service that you subscribe to is shown as unavailable, there are several things you can do to troubleshoot the connection.
Go to Network > DNS and ensure that the primary and secondary DNS servers are correct and the FortiGate is Connected to FortiGuard.
To test if your DNS can reach FortiGuard, go to the Dashboard and enter the following command into the CLI Console:
execute ping guard.fortinet.net
If the connection is successful, the CLI Console should display a similar output as the example below:
PING guard.fortinet.net (18.104.22.168): 56 data bytes 64 bytes from 22.214.171.124: icmp_seq=0 ttl=59 time=60.0 ms 64 bytes from 126.96.36.199: icmp_seq=1 ttl=59 time=50.0 ms 64 bytes from 188.8.131.52: icmp_seq=2 ttl=59 time=50.0 ms 64 bytes from 184.108.40.206: icmp_seq=3 ttl=59 time=50.0 ms 64 bytes from 220.127.116.11: icmp_seq=4 ttl=59 time=50.0 ms --- guard.fortinet.net ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 50.0/52.0/60.0 ms
To test if the FortiGuard services are reachable, go to System > FortiGuard.
Under Filtering, check Filtering Services Availability. If you don't see a , select Check Again.
If FortiGuard services can still not be reached, your ISP may be blocking access to port 53 (used for DNS). Change the FortiGuard Filtering Port to the alternate port (8888). Select Apply and see if the services become available. If you are updating FortiGuard using a FortiManager, the FortiGuard Filtering Port can also be 80.
Go to the Dashboard and view the License Information widget. Any subscribed services should have a beside it.
Go to System > FortiGuard. Features and services you are subscribed to should have a beside it.