Loss of license due to "Server No Response"

DennisInfra · ‎07-21-2023

Hi,

I've a problem of loss of the liceense in my FortiAnalyzer. I've set a proxy and it's used to login the the cloud account. The FortiAnalyzer reboots and everything seems to be OK. But a few minutes / hours later, I get this alert message:

License validation state changes from Trial License Init to Found disconnecting because of Server No Response

I checked the proxy log and there is no entry of any kind of access. If I check the firewall logs, I can see that the FortiAnalyzer tries to communicate directly with some servers in the internet - I guess some license servers!?

Afterwards I get a "duplicate license" error (but there is only one license in my account) and instead of the analyzer login a could login dialog is shown. I can login with my cloud account, the analyzer reboots, everyhting seems to be fine... for at least some hours.

So, has anyone an idea, why the proxy isn't used to contact the license servers for validation?

Regards,

Dennis

saneeshpv_FTNT · ‎07-21-2023

Hi,

Have you setup your proxy correctly as below.

Go to "config fmupdate av-ips web-proxy".
Set the address of the proxy using "set address ".
Set the mode of the proxy using "set mode {proxy | tunnel}".
Set the password for the user name used for authentication using "set password ".
Set the port number of the web proxy using "set port ".

Example:

config fmupdate av-ips web-proxy

set status enable

set mode proxy

set ip x.x.x.x

set port 8890

set username avipsupdater

set password cvhk3rf3u9jvsYU

end

Also please make sure to disable SSL interception in your Forward Proxy for the FAZ IP address.

If the above doesn't work, please try the options mentioned in the below article.

Technical Tip: How to configure FortiAnalyzer/Fort... - Fortinet Community

Also if possible, please share your firewall logs for checking.

Regards

DennisInfra · ‎07-26-2023

Yes, I setup this proxy. And even setup the system web-proxy:

config system web-proxy

set address <string>

set mode {proxy | tunnel}

set password <passwd>

set port <integer>

set status {enable | disable}

set username <string>

end

But the traffic to the license servers are not send to the proxy, it's still send to the internet directly.

I haven't read your link completely because I only use the free license and think the information from your link won't apply here.

DennisInfra · ‎07-26-2023

Small update after I got a tip: after deleting all proxy settings, do a clean reboot, set proxy settings and reboot again, I can see much more requests on the proxy now.

I'll wait some days to see if this fixed the issue.

Alfredoest · ‎08-10-2023

I've set up a proxy for cloud account login, and everything seems fine after a reboot. However, after a few hours, I receive an alert stating, "License validation state changes from Trial License Init to Found disconnecting because of Server No Response." I've checked the proxy and firewall logs, and it's intriguing that the FortiAnalyzer attempts to communicate directly with internet servers, likely license servers. I also encounter a "duplicate license" error, despite having just one license in my account.

DennisInfra · ‎08-20-2023

Have you tried to set the system proxy also?

config system web-proxy

According to my experience, both proxys should be set.

AdrianaMadilyn · ‎01-01-2024

You mentioned the FortiAnalyzer attempting to communicate directly with servers. Have you reviewed the firewall logs to see if there are any blocked connections to the license servers?