
FortiGate Upgrade DNS Issues

Some lessons learned while doing a Trade-up of several FortiGates for satellite locations. After using the FortiConverter service, the FortiGates (FortiOS 6.0.8 to 7.2.1) would not connect to FortiCloud and I kept getting errors about not being connected to FortiGuard. All traffic stopped passing through the firewalls as well. I tried everything under the sun and everything that Fortinet Support told me to do. Nothing worked. It ended up being such a simple fix that I had to send it to Fortinet. Note to self: DON’T FORGET TO CHECK THIS

For example, support recommended that I do this:

config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set sdns-server-ip "208.91.112.220"
end

That did not work, but I’m saving it in case it does work in another scenario. You never know. Actually, I had to do that AND the following:

The problem ended up being that under DNS Settings the only option selected for resolving DNS was TLS (TCP/853).

[Screenshot: FortiGate DNS]

Once I enabled DNS (UDP/53), the FortiGate connected to FortiCloud and FortiGuard. Hours of wasted time, which caused me to back out the swap.

Note to self: FortiConverter will sometimes add settings not found in the original configuration. Note to self: DON’T FORGET TO CHECK THIS
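
One way to catch this before a swap, as an added example that is not from the original post: a short Python script that lists every `set` line present in the converted backup but absent from the original, and flags a DNS block with no cleartext option. The sample configs are constructed, and the `set protocol dot` line under `config system dns` is assumed to be how the TLS-only option from the DNS Settings page appears in a backup.

```python
def parse_fortios(text):
    """Flatten a FortiOS backup into {(block path, key): value}."""
    settings, path = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            path.append(line)              # enter a config or edit block
        elif line in ("end", "next"):
            if path:
                path.pop()                 # leave the innermost block
        elif line.startswith("set "):
            parts = line.split(None, 2)
            value = parts[2] if len(parts) > 2 else ""
            settings[(" / ".join(path), parts[1])] = value
    return settings

def added_settings(original, converted):
    """Settings that exist only in the converted configuration."""
    return {k: v for k, v in converted.items() if k not in original}

def dns_cleartext_disabled(settings):
    """True when the DNS block sets a protocol list without cleartext."""
    proto = settings.get(("config system dns", "protocol"))
    return proto is not None and "cleartext" not in proto.split()

# Constructed sample backups (addresses are documentation-range placeholders).
ORIGINAL = """
config system dns
    set primary 192.0.2.53
    set secondary 192.0.2.54
end
config system fortiguard
    set protocol udp
end
"""
CONVERTED = """
config system dns
    set primary 192.0.2.53
    set secondary 192.0.2.54
    set protocol dot
end
config system fortiguard
    set protocol udp
end
"""

if __name__ == "__main__":
    old, new = parse_fortios(ORIGINAL), parse_fortios(CONVERTED)
    for (block, key), value in sorted(added_settings(old, new).items()):
        print(f"added by conversion: [{block}] set {key} {value}")
    if dns_cleartext_disabled(new):
        print("WARNING: DNS is TLS-only; check that UDP/53 is not required")
```

Keying each setting by its block path keeps the `protocol` line under `config system fortiguard` separate from the one under `config system dns`, so only the DNS change is reported.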
