Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AtiT
Valued Contributor

FortClient signature updates from FortiManager

Hello, I need some help with the following setup.

I installed a FortiManger as a FDS server for FortiClients and I set the following in the CLI:

 

config system global

set adom-mode advanced set adom-status enable end

config system interface edit "port1" set ip 192.168.1.90 255.255.255.0 set allowaccess ping https ssh set serviceaccess fgtupdates fclupdates webfilter-antispam next end

config fmupdate fct-services set port 8888 end

When I set a FC profile in the EMS to use the IP 192.168.1.90 for signature updates and port 8888 and failover port 8899 the FortiClient shows: Could not connect to the update server Sniffing the packet on the FortiManager I can see that the FortiClient tries to reach the manager on port 80 (why?) after that on port 8899. After the SYN packet a RESET packet is sent from the FortiManager.

When I enable HTTP access on the interface and set the port 80 or 8899 I can see communication to URL /fdsupdate and some response in HTTP: FCPRFCP Response The FortiClient ends with message: Online update failed

Where is the problem? How to set up FDS on FortiManager correctly?

FortiManager, EMS and FortiClient are on 6.0.4 version.

 

AtiT

AtiT
4 REPLIES 4
Stuart_Robertson
New Contributor

Hi,

 

Got the same issues using EMS and Micro-FortiGuard Server.  Any assistance would be appreciated

 

Thanks 

 

 

dombilod1

Hi AtiT

 

Have you found a way to fix this ?  Have the same issue here.

 

Thanks

dombilod1

I fixed the problem by putting same version of Fortimanager, that I was using on EMS and Forticlient.

 

We had EMS and FCT on 6.0.5 and FMGR on 6.2......  Rolling back FMGR to 6.0.5 did the trick.

 

Thanks

dara79

Hi, i had the same problem, running fortimanager 6.0 and 6.2..

i found a solution that worked for me,also worked on a lab setup.

server doesn't care about "config fmupdate fct-services", it don't listen on the port.

configure fortimanager update in the ems to the admin http port of the fortimanager so port 80 by default..

 

BR

Daniel

 

Labels
Top Kudoed Authors