Hot!FortClient signature updates from FortiManager

Author
AtiT
Platinum Member
  • Total Posts : 463
  • Scores: 40
  • Reward points: 0
  • Joined: 2012/04/18 12:13:27
  • Location: Prague / Czech Republic
  • Status: offline
2019/04/06 14:36:34 (permalink) 6.0
0

FortClient signature updates from FortiManager

Hello,
I need some help with the following setup.
I installed a FortiManger as a FDS server for FortiClients and I set the following in the CLI:
 
config system global
set adom-mode advanced
set adom-status enable
end

config system interface
edit "port1"
set ip 192.168.1.90 255.255.255.0
set allowaccess ping https ssh
set serviceaccess fgtupdates fclupdates webfilter-antispam
next
end

config fmupdate fct-services
set port 8888
end

When I set a FC profile in the EMS to use the IP 192.168.1.90 for signature updates and port 8888 and failover port 8899 the FortiClient shows: Could not connect to the update server
Sniffing the packet on the FortiManager I can see that the FortiClient tries to reach the manager on port 80 (why?) after that on port 8899. After the SYN packet a RESET packet is sent from the FortiManager.

When I enable HTTP access on the interface and set the port 80 or 8899 I can see communication to URL /fdsupdate and some response in HTTP: FCPRFCP Response
The FortiClient ends with message: Online update failed

Where is the problem?
How to set up FDS on FortiManager correctly?

FortiManager, EMS and FortiClient are on 6.0.4 version.
 
post edited by AtiT - 2019/04/06 14:38:06

AtiT
--------------------
NSE 8, CCNP R+S
#1
Stuart Robertson
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2012/11/19 04:03:27
  • Location: Sandton South Africa
  • Status: offline
Re: FortClient signature updates from FortiManager 2019/05/13 08:20:04 (permalink)
0
Hi,
 
Got the same issues using EMS and Micro-FortiGuard Server.  Any assistance would be appreciated
 
Thanks 
 
 
#2
dombilod
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/04/08 07:01:22
  • Status: offline
Re: FortClient signature updates from FortiManager 2019/05/21 09:35:47 (permalink)
0
Hi AtiT
 
Have you found a way to fix this ?  Have the same issue here.
 
Thanks
#3
dombilod
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/04/08 07:01:22
  • Status: offline
Re: FortClient signature updates from FortiManager 2019/05/22 07:33:27 (permalink)
0
I fixed the problem by putting same version of Fortimanager, that I was using on EMS and Forticlient.
 
We had EMS and FCT on 6.0.5 and FMGR on 6.2......  Rolling back FMGR to 6.0.5 did the trick.
 
Thanks
#4
dara79
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/01/10 00:56:45
  • Status: offline
Re: FortClient signature updates from FortiManager 2019/05/24 06:13:46 (permalink)
0
Hi, i had the same problem, running fortimanager 6.0 and 6.2..
i found a solution that worked for me,also worked on a lab setup.
server doesn't care about "config fmupdate fct-services", it don't listen on the port.
configure fortimanager update in the ems to the admin http port of the fortimanager so port 80 by default..
 
BR
Daniel
 
#5
Jump to:
© 2019 APG vNext Commercial Version 5.5