Chapter 18 Troubleshooting : ­Troubleshooting tools : FortiGuard troubleshooting : FortiGuard server settings : Calculating weight
  
Calculating weight
The weight for each server increases with failed packets and decreases with successful packets. To lower the possibility of using a remote server, the weight is not allowed to dip below a base weight, calculated as the difference in hours between the FortiGate unit and the server times 10. The further away the server is, the higher its base weight and the lower in the list it will appear.
 
The output for the diag debug rating command will vary based on the state of the FortiGate device.
The following output is from a FortiGate device that has no DNS resolution for service.fortiguard.net.
If only three IP addresses appear with the D flag, it means that DNS is good but probably the FortiGuard ports 53 and 8888 are blocked.
When the license is expired, an INIT request will be sent every 10 minutes for up to six attempts. If a license is not found after this limit is reached, the INIT requests will be sent every day.
A low source port number may appear which means that ports 1024 and 1025 could be blocked on the path to the FDS. Increase the source port on the FortiGate device with the following commands:
config sys global
set ip-src-port-range <start-end> (Default 1024-25000)
Be careful moving ports like this as it may cause some services to stop working if they can’t access their original ports. If you make this change, ensure all services that use ports are checked and updated to new port numbers if needed.