FortiGuard Servers are not reachable

Update – 10. November 2021: It seems that the server «45.75.200.89» is not in use anymore – it is «not reachable» at the moment. Please use «194.69.172.53» instead.

Blogpost – 3. November 2020:

From time to time, customers notice that the FortiGate can no longer reach the FortiGuard servers.

This shows up in the dashboard, or users complain that the Web Filter or DNS Filter service is no longer working.

In most cases the problem is caused by anycast issues. Starting with FortiOS v6.2, anycast is used for the connection to the FortiGuard servers.

Fortinet is working on this issue, but in the meantime the following workaround can be used via the CLI (port 8888 can be set instead of 53):

config system fortiguard
  set fortiguard-anycast disable
  set protocol udp
  set port 53
  set sdns-server-ip "194.69.172.53"
end

It is important to configure an SDNS server when you disable the anycast setting; otherwise you cannot use the DNS filter feature of the FortiGate. The server «45.75.200.89» is located in the UK. Alternatively, you can use «208.91.112.220», which is located in the US.
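
An added example, not part of the original post and not Fortinet tooling: a Python check over a saved configuration listing that flags the case described above, anycast disabled without an SDNS server. The function names and the sample listings are constructed for illustration, and the check assumes the listing shows protocol, port and sdns-server-ip explicitly.

```python
import shlex

# Constructed sample listings (not taken from a real device).
WITH_SDNS = '''
config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 8888
    set sdns-server-ip "194.69.172.53"
end
'''
WITHOUT_SDNS = '''
config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 53
end
'''

def parse_fortiguard(text):
    """Collect the 'set' options of the 'config system fortiguard' block."""
    options, inside = {}, False
    for line in text.splitlines():
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:      # multi-line quoted values elsewhere in a backup
            continue
        if tokens[:3] == ["config", "system", "fortiguard"]:
            inside = True
        elif inside and tokens[:1] == ["end"]:
            break
        elif inside and tokens[:1] == ["set"] and len(tokens) >= 3:
            options[tokens[1]] = tokens[2:]
    return options

def audit_workaround(text):
    """Return findings where the block deviates from the workaround in this post."""
    opts = parse_fortiguard(text)
    if opts.get("fortiguard-anycast") != ["disable"]:
        return []               # anycast not disabled: workaround not in use
    findings = []
    if not any(opts.get("sdns-server-ip", [])):
        findings.append("no sdns-server-ip: DNS filter cannot be used")
    if opts.get("protocol") != ["udp"]:
        findings.append("protocol is not set to udp")
    if opts.get("port", [""])[0] not in ("53", "8888"):
        findings.append("port is not set to 53 or 8888")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WITH_SDNS", WITH_SDNS), ("WITHOUT_SDNS", WITHOUT_SDNS)):
        print(name, audit_workaround(cfg) or "ok")
```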

More information on FortiGuard troubleshooting can be found in this KB article.
