
How to fix a FIPS-enabled device not being able to send logs to FortiCloud

This article describes the case where, after FIPS is enabled, the device is not able to send logs to FortiCloud.

Scope

FortiCloud.

Solution

The user might be getting the below logs in the FortiCloud debug:

Cert error 20, unable to get local issuer certificate. Depth 0
Cert error 20, unable to get local issuer certificate. Depth 0

Run the following debug commands to verify the output:

diag debug application update -1
diag debug enable
exec update-now

FIPS status can be verified using the commands below:

get system status | grep FIPS
get system fips-cc

Note: In FIPS mode, the device will not be able to send logs to FortiCloud. This is expected behavior, due to an unsupported feature between the device and the cloud.