General Discussions

Cannot update software

  • 1.  Cannot update software

    Posted Mar 05, 2018 03:51 PM

    Hi,
    My FortiGate 60D is blocking one of our software updates.
    I can update if there is no device, and I have already done the reset, even allowing an all-traffic policy just to test.
    Any idea?

    PS: I'm also not sure what port the software is using.



    Thanks!

    Hanivar



  • 2.  RE: Cannot update software

    LEADER
    Posted Mar 06, 2018 08:54 AM

    If you are allowing all traffic and the update is still being blocked, you might try selecting "inspect all ports" inside the SSL inspection profile (if you are using SSL inspection).

    Rony Moussa

    NSE Certified : Level 8



  • 3.  RE: Cannot update software

    Posted Mar 07, 2018 10:56 PM

    Unfortunately, the description is quite vague.

    If you cannot find any messages in the Log&Report section, there are 2 further UTMs which drop traffic:

    - botnet blacklist

    - Application control

    The "block botnet C&C address" feature can be enabled in the interface setup ('wan1' for example) or in the policy allowing internet access. If you disable this, the blacklist will not be effective anymore.

    For AppControl, the category 'Malicious Websites' is always enabled regardless of other user-chosen categories. For testing, disable any UTM feature in the policy 'lan' -> 'wan1', like AV, IPS, AC, WF or SSL inspection.

    The real question is if this is wise - the FGT nearly never produces false positives in my experience. The source of your sw update might well be compromised.



  • 4.  RE: Cannot update software

    Posted 16 days ago
    Which software updates?  What does forward traffic report?