Chapter 10 Install and System Administration for FortiOS 5.0 : FortiGuard : Troubleshooting : CLI verification
  
CLI verification
You can also use the CLI to see what FortiGuard servers are available to your FortiGate unit. Use the following CLI command to ping the FDN for a connection:
ping guard.fortinet.net
You can also use the diagnose command to find out which FortiGuard servers are available:
diagnose debug rating
From this command, you will see output similar to the following:
Locale : english
License : Contract
Expiration : Sun Jul 24 20:00:00 2011
Hostname : service.fortiguard.net
 
-=- Server List (Tue Nov 2 11:12:28 2010) -=-
 
IP               Weight  RTT  Flags  TZ  Packets  Curr Lost  Total Lost
69.20.236.180    0       10          -5  77200    0          42
69.20.236.179    0       12          -5  52514    0          34
66.117.56.42     0       32          -5  34390    0          62
80.85.69.38      50      164         0   34430    0          11763
208.91.112.194   81      223  D      -8  42530    0          8129
216.156.209.26   286     241  DI     -8  55602    0          21555
An extensive list of servers is normally available. If you see a list of only three to five available servers, DNS lookups of service.FortiGuard.net are being answered, but the INIT requests are not reaching FDS services on the servers.
The rating flags indicate the server status:
D: Indicates the server was found via the DNS lookup of the hostname. If the hostname returns more than one IP address, all of them will be flagged with 'D' and will be used first for INIT requests before falling back to the other servers.
I: Indicates the server to which the last INIT request was sent.
F: The server has not responded to requests and is considered to have failed.
T: The server is currently being timed.
The server list is sorted first by weight and then the server with the smallest RTT is put at the top of the list, regardless of weight. When a packet is lost, it will be resent to the next server in the list.
The weight for each server increases with failed packets and decreases with successful packets. To lower the possibility of using a faraway server, the weight is not allowed to dip below a base weight, which is calculated as the difference in hours between the FortiGate unit and the server multiplied by 10. The further away the server is, the higher its base weight and the lower in the list it will appear.
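The following Python sketch is an added example, not part of the FortiOS documentation or tooling. It parses server list rows like those shown above (including rows with an empty Flags column), decodes the flags, and compares each weight with its base weight. It assumes that the "difference in hours" is the difference between the TZ column and the FortiGate unit's own time zone, and that the unit's time zone is -5 because the weight-0 servers in the sample report TZ -5; the function names are hypothetical.

```python
import re

# Sample rows copied from the server list shown on this page.
SAMPLE = """\
69.20.236.180 0 10 -5 77200 0 42
69.20.236.179 0 12 -5 52514 0 34
66.117.56.42 0 32 -5 34390 0 62
80.85.69.38 50 164 0 34430 0 11763
208.91.112.194 81 223 D -8 42530 0 8129
216.156.209.26 286 241 DI -8 55602 0 21555
"""

FLAG_MEANING = {"D": "found via DNS lookup", "I": "last INIT request sent here",
                "F": "failed", "T": "being timed"}

# IP, weight, RTT, optional flags (letters only), TZ, packets, curr lost, total lost
ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s+(?:([DIFT]+)\s+)?"
                 r"(-?\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_servers(text):
    servers = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, banner or blank line
        ip, weight, rtt, flags, tz, packets, curr, total = m.groups()
        servers.append({"ip": ip, "weight": int(weight), "rtt": int(rtt),
                        "flags": set(flags or ""), "tz": int(tz),
                        "packets": int(packets), "curr_lost": int(curr),
                        "total_lost": int(total)})
    return servers

def base_weight(server, local_tz):
    # Floor described above: hours of time zone difference multiplied by 10.
    return abs(server["tz"] - local_tz) * 10

def review(servers, local_tz):
    report = []
    for s in servers:
        report.append({"ip": s["ip"],
                       "flags": [FLAG_MEANING[f] for f in sorted(s["flags"])],
                       "base": base_weight(s, local_tz),
                       "above_base": s["weight"] - base_weight(s, local_tz),
                       "failed": "F" in s["flags"]})
    return report

if __name__ == "__main__":
    for row in review(parse_servers(SAMPLE), local_tz=-5):  # -5 is assumed
        print(row)
```

A server whose weight sits well above its base weight has been accumulating failed packets, which matches the high Total Lost counts on the last three rows of the sample.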