This article describes the configuration changes required on FortiManager and FortiAnalyzer so that the FortiManager can act as a FortiGuard server for the FortiAnalyzer, and how to import the contract information without access to a FortiGuard server (in a closed network).
Scope
During the initial installation, a new FortiManager/FortiAnalyzer VM connects to the FortiCare server to download the contract information.
Solution
To set up a new FortiAnalyzer VM:
Step 1: Upload the license file.
Step 2: FortiAnalyzer will try to connect to FortiCare servers.
Step 3: At this point there are two options:
- Upload the Entitlement File to the FortiAnalyzer/FortiManager directly.
- Override the device's FDS settings to point to a local FortiManager that is acting as a FortiGuard server.
First scenario: upload the Entitlement File to the FortiAnalyzer/FortiManager directly.
Step 1: Connect through the CLI to upload the Entitlement File (how to request it is described in the links at the end of the article).
# execute fmupdate ftp import license EntitlementExport-2022-08-30T190500.229 10.55.5.220 / test1 test1
This operation will replace the current package!
Do you want to continue? (y/n)y
Start getting file from FTP Server...
Transferred 0.002M of 0.002M in 0:00:00s (0.014M/s)
FTP transfer is successful.
Package installation is in process... This could take some time.
Update successful
To review whether the upload was successful, run the diagnose fmupdate dbcontract command.
# diagnose fmupdate dbcontract
FAZ-VMTMxxxxxxx [SERIAL_NO]
AccountID: [email protected]
Industry:
Company:
Contract: 6
ENHN-1-10-20230831
FMWR-1-06-20230831
FRVS-1-06-20230831
PBDS-1-06-20230831
SOAR-1-06-20230831
SPRT-1-10-20230831
Contract Raw Data:
Step 2: After this step, the web page of the FortiAnalyzer/FortiManager needs to be reloaded.
Second scenario: override the device's FDS settings to point to a local FortiManager that is acting as a FortiGuard server.
Step 1: Set up the FortiManager. The FortiManager version should be 6.2.x or newer.
# config system interface
    edit "port2"
        set ip 10.55.6.18 255.255.240.0
        set serviceaccess fgtupdates fclupdates webfilter-antispam
        config ipv6
            set ip6-autoconf disable
        end
    next
end
config fmupdate service
    set query-antispam enable
    set webfilter-https-traversal enable
end
Step 2: To review whether the port is open, run the following command.
# diagnose fmnetwork netstat list
Active Internet connections (servers and established)
tcp 0 0 :::8890 :::* LISTEN
Step 3: After all these steps, add the Entitlement File from the GUI (go to FortiGuard > Settings > Service License > Upload), or upload it through the CLI as shown in the previous part of this article.
# diagnose fmupdate dbcontract
--- output omitted ---
Step 4: On the FortiAnalyzer, run the following commands:
# config fmupdate server-override-status
    set mode strict
end
config fmupdate fds-setting
    config server-override
        set status enable
        config servlist
            edit 1
                set ip 10.55.6.18 <----FortiManager IP
                set port 8890
            next
        end
    end
end
Step 5: To review whether the settings are correct, run the command below.
# diagnose fmupdate view-serverlist fds
Fortiguard Server Comm : Enabled
Server Override Mode : Strict
FDS server list :
Index Address Port TimeZone Distance Source
------------------------------------------------------------------------------------------------------
*0 10.55.6.18 8890 1 0 CLI
Step 6: If a second CLI connection to the FortiAnalyzer is kept open, the FDS connectivity log can be observed with the command below:
# diagnose fmupdate view-linkd-log fds
2022/09/01_12:14:53.857 info fds_svrd[1003]: Send subshm update notification to fgdsvrd
2022/09/01_12:14:53.860 warn fds_svrd[1003]: *** Set forticlient max number: 50000
2022/09/01_12:14:53.860 info fds_svrd[1003]: update_downstream_fct_fect, 543: update file /var/fds/data/downstream_fct_fect.dat
2022/09/01_12:15:03.970 info fds_svrd[1003]: Start fds client session to '10.55.6.18:8890', task = SELPOLL svc=0
2022/09/01_12:15:03.990 info fds_svrd[1003]: [FMG-->FDS] Request: Protocol=4.0|Command=SelectivePoll|Firmware=FAZVM64-FW-7.02-1215|SerialNumber=FAZ-VMTM22011525|Persistent=false|DataItem=01000000CATL00000-00000.00000-0000000000*00000000FDNI00000-00000.00000-0000000000*04000000OBLT00000-00000.00000-0000000000*03001000SRUL00000-00000.00000-0000000000*03001000BREG00000-00000.00000-0000000000*01000000BLDV00000-00000.00000-0000000000*01000000OBJL00000-00000.00000-0000000000*01000000FMGI00000-00000.00000-0000000000*00000000IMLT00000-00000.00000-0000000000*01000000ALCI00000-00000.00000-0000000000|AcceptDelta=0|ContractItem=FAZ-VMTM22011525|__FMG2FMGVersion=1.0|__FMG2FMGService=FGT^M ^M
2022/09/01_12:15:04.041 info fds_svrd[1003]: FCP_CONN:: receiving package: num_objects=1 total_size=240
2022/09/01_12:15:04.041 info fds_svrd[1003]: FCP_CONN:: received object: id=04000000FCPR00000 ver=00000.00000-0000000000 size=112
2022/09/01_12:15:04.041 info fds_svrd[1003]: [FDS-->FMG] Response: Protocol=4.0|Firmware=FMG-VM64-FW-6.04-2253|SerialNumber=FMG-VMTMxxxxxx|Response=400|Persistent=false^M ^M
2022/09/01_12:15:04.041 error fds_svrd[1003]: Got error response from fds: code = 400
2022/09/01_12:15:04.042 info fds_svrd[1003]: Check update with fds 10.55.6.18 SUCCESS
Step 7: During the first connection to the FortiManager, it is normal to receive error code 400. To overcome this, restart the service.
# diagnose fmupdate service-restart fds
This operation will restart the selected service.
Do you want to continue? (y/n)y
# diagnose fmupdate view-linkd-log fds
2022/09/01_12:19:45.415 info fds_svrd[1003]: Start fds client session to '10.55.6.18:8890' by indicated request.
2022/09/01_12:19:45.433 info fds_svrd[1003]: [FMG-->FDS] Request: Protocol=3.0|Command=VMSetup|Firmware=FAZVM64-FW-7.02-1215|SerialNumber=FAZ-VMTM22011525|Uid=bb133442-db28-7dbb-f960-273d7ec41fd6|Language=en-US|UpdateMethod=1|__FMG2FMGVersion=1.0|__FMG2FMGService=FGT^M ^M
2022/09/01_12:19:45.556 info fds_svrd[1003]: FCP_CONN:: receiving package: num_objects=1 total_size=240
2022/09/01_12:19:45.556 info fds_svrd[1003]: FCP_CONN:: received object: id=04000000FCPR00000 ver=00000.00000-0000000000 size=112
2022/09/01_12:19:45.557 info fds_svrd[1003]: [FDS-->FMG] Response: Protocol=3.0|Firmware=FMG-VM64-FW-6.04-2253|SerialNumber=FMG-VMTMxxxxx|Response=200|Persistent=false^M ^M
2022/09/01_12:19:45.557 info fds_svrd[1003]: Send setup to fds 10.55.6.18 SUCCESS