FortiGuard Servers are not reachable

From time to time, customers notice that the FortiGate can no longer reach the FortiGuard servers.

This is either displayed in the Dashboard, or users complain that the Web Filter or DNS Filter service is no longer working.

In most cases the problem is caused by anycast issues. Anycast is used for the connection with the FortiGuard servers starting with FortiOS v6.2.

Fortinet is working on this issue, but in the meantime the following workaround can be used via the CLI:

config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 53
    set sdns-server-ip "45.75.200.89"
end

Port 8888 can be used instead of 53.

The server "45.75.200.89" is located in the UK. Alternatively, you can use "208.91.112.220", which is located in the US.
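Because this is meant as a temporary workaround, it helps to know which devices carry it and whether the pinned SDNS server is one of the two named above. The following Python sketch is an added example, not Fortinet code or part of the original post; it reads the text of a configuration backup, and the function names and sample backups are constructed for illustration.

```python
import shlex

# Values from the workaround above; the page allows port 53 or 8888.
WORKAROUND = {"fortiguard-anycast": {"disable"}, "protocol": {"udp"},
              "port": {"53", "8888"}}
# The two SDNS server addresses named on this page.
KNOWN_SDNS = {"45.75.200.89", "208.91.112.220"}

def fortiguard_settings(config_text):
    """Return {option: [values]} from the 'config system fortiguard' block."""
    settings, depth = {}, 0
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if depth == 0:
            if words == ["config", "system", "fortiguard"]:
                depth = 1
            continue
        if words[0] == "config":      # nested block: track depth, skip its sets
            depth += 1
        elif words[0] == "end":
            depth -= 1
            if depth == 0:
                break
        elif words[0] == "set" and depth == 1 and len(words) >= 3:
            settings[words[1]] = shlex.split(raw)[2:]  # drops the quotes
    return settings

def audit(config_text):
    """Report whether the workaround is set and which SDNS servers are pinned."""
    s = fortiguard_settings(config_text)
    mismatches = sorted(k for k, ok in WORKAROUND.items()
                        if " ".join(s.get(k, [])) not in ok)
    servers = s.get("sdns-server-ip", [])
    return {"applied": not mismatches and bool(servers),
            "mismatches": mismatches,
            "unexpected_servers": [ip for ip in servers if ip not in KNOWN_SDNS]}

# Constructed sample backups (not taken from a real device).
SAMPLE_WORKAROUND = ('config system fortiguard\n    set fortiguard-anycast disable\n'
                     '    set protocol udp\n    set port 8888\n'
                     '    set sdns-server-ip "208.91.112.220"\nend\n')
SAMPLE_OTHER = ('config system fortiguard\n    set protocol udp\n    set port 53\n'
                '    set sdns-server-ip "192.0.2.10"\nend\n')

if __name__ == "__main__":
    for name, text in (("workaround", SAMPLE_WORKAROUND), ("other", SAMPLE_OTHER)):
        print(name, audit(text))
```

An option missing from the backup is reported as a mismatch, since the script cannot tell what the device's default is.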

More information on FortiGuard troubleshooting can be found in this KB article.
