Skip to Content

Solved: How do I configure FortiAnalyzer/FortiManager to use FortiManager as server to import the contract information?

This article provides the necessary information changes on FortiManager and FortiAnalyzer to allow the FortiManager to act as a FortiGuard server for the FortiAnalyzer and how to import the contract information without FortiGuard server (in closed network).

Scope

During the initial installation of new FortiManager/FortiAnalyzer VM is connecting to the FortiCare server to download the contract information.

Solution

To setup a new FortiAnalyzer VM.

Step 1: Upload the license file.

Upload the license file.

Step 2: FortiAnalyzer will try to connect to FortiCare servers.

FortiAnalyzer will try to connect to FortiCare servers.

Step 3: At this point one has two options:

  • To upload the Entitlement File to the FortiAnalyzer / FortiManager directly
  • To override the settings of the device about the FDS to point to a local FortiManager who is acting as a FortiGuard server

Starting with the first scenario which is upload the Entitlement File to the FortiAnalyzer / FortiManager directly

Step 1: Connect through the CLI to upload the Entitlement File (how to request, can be found in the links at the end of the article).

# execute fmupdate ftp import license EntitlementExport-2022-08-30T190500.229 10.55.5.220 / test1 test1
This operation will replace the current package!
Do you want to continue? (y/n)y
Start getting file from FTP Server...
Transferred 0.002M of 0.002M in 0:00:00s (0.014M/s)
FTP transfer is successful.
Package installation is in process... This could take some time.
Update successful

To review if the upload was successful type the diagnose fmupdate dbcontract command.

# diagnose fmupdate dbcontract
FAZ-VMTMxxxxxxx [SERIAL_NO]
AccountID: [email protected]
Industry:
Company:
Contract: 6
ENHN-1-10-20230831
FMWR-1-06-20230831
FRVS-1-06-20230831
PBDS-1-06-20230831
SOAR-1-06-20230831
SPRT-1-10-20230831
Contract Raw Data:

Step 2: After this step, the web page of the FortiAnalyzer/FortiManager needs to be reloaded.

The web page of the FortiAnalyzer/FortiManager needs to be reloaded.

To override the settings of the device about the FDS to point to a local FortiManager who is acting as a FortiGuard server

Step 1: Setup the FortiManager. The version of the FortiManager should be 6.2.x or newer.

# config system interface
edit "port2"
set ip 10.55.6.18 255.255.240.0
set serviceaccess fgtupdates fclupdates webfilter-antispam
config ipv6
set ip6-autoconf disable
end
next

config fmupdate service
set query-antispam enable
set webfilter-https-traversal enable
end

Step 2: To review if the port is open type the following command.

# diagnose fmnetwork netstat list
Active Internet connections (servers and established)
tcp 0 0 :::8890 :::* LISTEN

Step 3: After all these steps add the Entitlement File from the GUI (Go to FortiGuard > Settings > Service License > Upload). Or upload it through the CLI as was shown from the previous part of this article.

# diagnose fmupdate dbcontract
--- output omitted ---

Step 4: From the FortiAnalyzer set the following commands:

# config fmupdate server-override-status
set mode strict
end

config fmupdate fds-setting
config server-override
set status enable
config servlist
edit 1
set ip 10.55.6.18 <----FortiManager IP
set port 8890
next
end
end
end

Step 5: To review if the settings are correct type the command below.

# diagnose fmupdate view-serverlist fds
Fortiguard Server Comm : Enabled
Server Override Mode : Strict
FDS server list :
Index Address Port TimeZone Distance Source
------------------------------------------------------------------------------------------------------
*0 10.55.6.18 8890 1 0 CLI

Step 6: If a second connection is kept to the FortiAnalyzer through CLI the FDS connectivity log can be observed with the command below:

# diagnose fmupdate view-linkd-log fds
2022/09/01_12:14:53.857 info fds_svrd[1003]: Send subshm update notification to fgdsvrd
2022/09/01_12:14:53.860 warn fds_svrd[1003]: *** Set forticlient max number: 50000
2022/09/01_12:14:53.860 info fds_svrd[1003]: update_downstream_fct_fect, 543: update file /var/fds/data/downstream_fct_fect.dat
2022/09/01_12:15:03.970 info fds_svrd[1003]: Start fds client session to '10.55.6.18:8890', task = SELPOLL svc=0
2022/09/01_12:15:03.990 info fds_svrd[1003]: [FMG-->FDS] Request: Protocol=4.0|Command=SelectivePoll|Firmware=FAZVM64-FW-7.02-1215|SerialNumber=FAZ-VMTM22011525|Persistent=false|DataItem=01000000CATL00000-00000.00000-0000000000*00000000FDNI00000-00000.00000-0000000000*04000000OBLT00000-00000.00000-0000000000*03001000SRUL00000-00000.00000-0000000000*03001000BREG00000-00000.00000-0000000000*01000000BLDV00000-00000.00000-0000000000*01000000OBJL00000-00000.00000-0000000000*01000000FMGI00000-00000.00000-0000000000*00000000IMLT00000-00000.00000-0000000000*01000000ALCI00000-00000.00000-0000000000|AcceptDelta=0|ContractItem=FAZ-VMTM22011525|__FMG2FMGVersion=1.0|__FMG2FMGService=FGT^M ^M
2022/09/01_12:15:04.041 info fds_svrd[1003]: FCP_CONN:: receiving package: num_objects=1 total_size=240
2022/09/01_12:15:04.041 info fds_svrd[1003]: FCP_CONN:: received object: id=04000000FCPR00000 ver=00000.00000-0000000000 size=112
2022/09/01_12:15:04.041 info fds_svrd[1003]: [FDS-->FMG] Response: Protocol=4.0|Firmware=FMG-VM64-FW-6.04-2253|SerialNumber=FMG-VMTMxxxxxx|Response=400|Persistent=false^M ^M
2022/09/01_12:15:04.041 error fds_svrd[1003]: Got error response from fds: code = 400
2022/09/01_12:15:04.042 info fds_svrd[1003]: Check update with fds 10.55.6.18 SUCCESS

Step 7: During the first connection to the FortiManager is normal to receive the error code 400. To overcome this is needed to restart the service.

# diagnose fmupdate service-restart fds
This operation will restart the selected service.
Do you want to continue? (y/n)y

# diagnose fmupdate view-linkd-log fds
2022/09/01_12:19:45.415 info fds_svrd[1003]: Start fds client session to '10.55.6.18:8890' by indicated request.
2022/09/01_12:19:45.433 info fds_svrd[1003]: [FMG-->FDS] Request: Protocol=3.0|Command=VMSetup|Firmware=FAZVM64-FW-7.02-1215|SerialNumber=FAZ-VMTM22011525|Uid=bb133442-db28-7dbb-f960-273d7ec41fd6|Language=en-US|UpdateMethod=1|__FMG2FMGVersion=1.0|__FMG2FMGService=FGT^M ^M
2022/09/01_12:19:45.556 info fds_svrd[1003]: FCP_CONN:: receiving package: num_objects=1 total_size=240
2022/09/01_12:19:45.556 info fds_svrd[1003]: FCP_CONN:: received object: id=04000000FCPR00000 ver=00000.00000-0000000000 size=112
2022/09/01_12:19:45.557 info fds_svrd[1003]: [FDS-->FMG] Response: Protocol=3.0|Firmware=FMG-VM64-FW-6.04-2253|SerialNumber=FMG-VMTMxxxxx|Response=200|Persistent=false^M ^M
2022/09/01_12:19:45.557 info fds_svrd[1003]: Send setup to fds 10.55.6.18 SUCCESS

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.