Home

Fortinet Device Registration Woes: Troubleshooting the Spinning Reseller Field Issue

.

A frustrating technical issue has been plaguing Fortinet administrators worldwide: the FortiGate registration process hangs with a perpetually spinning reseller field, preventing devices from registering with FortiCare through the GUI interface. This problem affects not only FortiGate firewalls but also connected devices like FortiSwitch and FortiAP when attempting registration through a FortiGate controller. Based on multiple technical advisories from Fortinet's community and user reports across platforms, this issue stems primarily from connectivity problems between the device and Fortinet's service infrastructure.

The reseller dropdown is a critical component of Fortinet's registration workflow, requiring devices to fetch partner information from Fortinet servers. When this connection fails, administrators encounter a registration deadlock—they cannot proceed with device setup, potentially leaving security infrastructure without proper support services. The issue has been reported across various FortiOS versions and affects both new deployments and existing installations.

Root Cause Analysis: Why the Reseller Field Won't Populate

Connectivity and DNS Configuration Issues

According to Fortinet's technical documentation, the most common cause of the spinning reseller field is inadequate internet connectivity from the FortiGate device. The device must be able to reach Fortinet's servers to fetch the necessary registration data. Administrators should first verify basic connectivity by pinging known IP addresses and ensure the FortiGate can resolve hostnames using its configured DNS servers.

The DNS protocol configuration plays a crucial role in this process. If a FortiGate is configured to use DNS over TLS (DoT) or DNS over HTTPS (DoH) exclusively without proper setup, it may fail to resolve Fortinet's service domains. Fortinet specifically notes that "wrong DNS protocol configuration will result in unresolved hostnames and FortiGate cannot reach the internet using hostnames/URLs."

FortiGuard Anycast Service Complications

A significant contributor to this issue relates to Fortinet's FortiGuard Anycast service, which is enabled by default on most devices. This service is designed to provide optimal routing to Fortinet's security services but can sometimes interfere with the registration process. When the anycast service experiences routing issues or connectivity problems, the reseller list retrieval fails silently, resulting in the perpetual spinning animation.

Technical analysis reveals that the registration process attempts to communicate with specific FortiGuard Distribution Servers (FDS) to fetch reseller information. When these connections fail—either due to network restrictions, firewall policies, or service disruptions—the GUI cannot proceed beyond the reseller selection step.

Step-by-Step Solutions: From Basic Checks to Advanced Troubleshooting

Initial Connectivity Verification

Before attempting complex solutions, administrators should perform these fundamental checks:

  1. Confirm internet access from the FortiGate using command-line ping tests to both IP addresses and domain names
  2. Verify DNS resolution by testing if the FortiGate can resolve Fortinet service domains like globalupdate.fortinet.net and update.fortiguard.net
  3. Check system DNS configuration using the command get system dns to ensure proper DNS servers are configured
  4. Test FortiGuard connectivity using dedicated diagnostic commands

The FortiGuard Anycast Workaround

The most consistently effective solution documented across multiple sources involves disabling the FortiGuard anycast service temporarily during registration:

config system fortiguard     set fortiguard-anycast disable     set protocol udp     set port 8888     set sdns-server-ip 208.91.112.220 173.243.140.53 210.7.96.53 end

This configuration change forces the FortiGate to use specific unicast servers instead of the anycast network. After making these changes, administrators should update the FDS servers with execute update-now and attempt the registration process again. Fortinet's technical team emphasizes that "disabling FortiGuard anycast and using another protocol and port will load and populate the Reseller option."

Alternative Registration Methods

When GUI registration continues to fail, administrators have two alternative approaches:

Manual Registration via Support Portal: Devices can be registered directly through Fortinet's support website using the serial number and contract information. This bypasses the device-based registration process entirely.

CLI Registration Method: FortiGate devices support direct registration through the command line interface:

diagnose forticare direct-registration product-registration -a <FortiCloud username> -p <password> -T <country> -R <reseller> -e 1

For registering FortiSwitch or FortiAP devices through a FortiGate controller, the command expands to include the specific device serial number:

diagnose forticare direct-registration product-registration -N <FortiSwitch/AP Serial Num.> -a <FortiCloud username> -p <password> -T <country> -R <reseller> -e 1

Version-Specific Considerations and Edge Cases

FortiOS Version Impacts

Registration behavior varies across different FortiOS versions. Notably, starting with FortiOS versions 7.2.11, 7.4.8, 7.6.5, and 8.0.0, registration has become mandatory to access the FortiGate GUI. This change makes resolving registration failures even more critical for new deployments.

Specific bugs have been identified in certain versions. For instance, there's a known issue (ID: 1137213) where registration is possible only via CLI, not GUI, which was resolved in FortiGate versions 7.4.9 and 7.6.4. Additionally, earlier versions had issues registering FortiAPs managed by non-management VDOMs on FortiGate, resolved in v7.2.6, v7.4.2, and later.

Special Device Considerations

  • FortiAP F-series models have a known registration issue resolved in FortiAP firmware v6.4.8, v7.0.3, and later versions
  • Email accounts associated with multiple FortiCloud accounts cannot register new devices using the FortiGate GUI—registration must occur directly on the FortiCloud website
  • Already-registered devices will fail registration attempts and require transfer procedures instead of new registration
  • Inactive devices (shown with red status) cannot be registered through the FortiGate—only actively connected devices appear in the registration interface

Proactive Measures and Best Practices

Network Configuration Recommendations

To prevent registration issues before they occur, network administrators should:

  • Configure outbound firewall policies that allow FortiGate devices to communicate with Fortinet services on required ports
  • Ensure DNS servers support the necessary protocols (cleartext, DoT, or DoH) consistently
  • Consider creating SD-WAN rules to steer FortiGuard traffic directly, bypassing potential proxy interference
  • Verify time synchronization on the FortiGate, as certificate validation may fail with incorrect system time

Registration Workflow Optimization

When deploying new Fortinet devices, consider this optimized workflow:

  1. Complete basic network configuration with verified internet access
  2. Attempt GUI registration first
  3. If the reseller field spins indefinitely, immediately implement the anycast disable workaround
  4. For persistent failures, use CLI registration as a reliable alternative
  5. Verify registration status in both the device interface and FortiCloud portal

The Bigger Picture: Fortinet's Registration Ecosystem

Understanding Fortinet's registration framework helps contextualize these technical issues. Device registration serves multiple purposes: it activates support services, enables license validation, and links devices to organizational accounts. The reseller field specifically connects devices to channel partners who provide support and services—a critical component of Fortinet's partner ecosystem.

Fortinet's renewal guide emphasizes that "a renewed customer is a customer who knows our products better," highlighting the importance of seamless registration and renewal processes. The registration system ultimately ties into Fortinet's contract management infrastructure, where each product's serial number serves as the primary identifier for service entitlements.

While the spinning reseller field represents a frustrating technical hurdle, the multiple documented solutions provide administrators with a clear path to resolution. By understanding the underlying connectivity requirements and having both GUI and CLI registration methods available, organizations can ensure their Fortinet security infrastructure becomes fully operational with minimal disruption to deployment timelines.

Frequently Asked Questions

Why does the reseller field keep spinning when I try to register my FortiGate?

The spinning reseller field typically indicates that your FortiGate cannot establish proper communication with Fortinet's servers to fetch the reseller list. This is most commonly caused by DNS resolution failures, internet connectivity issues, or problems with the FortiGuard Anycast service. The device needs to successfully contact Fortinet's registration servers to populate this dropdown menu.

What's the quickest fix for the spinning reseller field issue?

The fastest solution is to temporarily disable the FortiGuard anycast service via the CLI command: config system fortiguard followed by set fortiguard-anycast disable. This often resolves the issue immediately. Remember to re-enable anycast after successful registration unless you have specific reasons to keep it disabled.

Can I register my Fortinet device without using the GUI?

Yes, you have two alternative methods: manual registration through Fortinet support portal using your device serial number, or CLI registration directly from the device using the diagnose forticare direct-registration command. The CLI method is particularly useful when GUI registration fails consistently.

Does this issue affect only FortiGate devices or other Fortinet products too?

This issue affects multiple Fortinet products, including FortiGate, FortiSwitch, and FortiAP devices. When registering FortiSwitch or FortiAP through a FortiGate controller, the same reseller field population problem can occur, preventing completion of the registration process for these connected devices.

How can I prevent this registration issue in future deployments?

To minimize registration problems: verify internet connectivity before starting registration, ensure proper DNS configuration with working resolvers, check firewall policies allow outbound connections to Fortinet services, and consider pre-registering devices through the support portal before deployment. Keeping devices updated to stable firmware versions also helps avoid known bugs.