The following error is observed on the FortiGate even though FortiManager is not used.

Message:

    Verify FortiManager Serial Number
    The FortiManager's access to the FortiGate will be authenticated by the FortiManager certificate. The serial number from the certificate must match the serial number observed on the FortiManager.
    Could not connect to the FortiManager to retrieve its serial number

This happens because central management is set to type 'fortimanager':

    Galileo-kvm15 (central-management) # show full
    config system central-management
        set mode normal
        set type fortimanager
        set schedule-config-restore enable
        set schedule-script-restore enable
        set allow-push-configuration enable
        set allow-push-firmware enable
        set allow-remote-firmware-upgrade enable
        set allow-monitor enable
        unset serial-number
        set fmg "sid.fortiddns.com"
        set fmg-source-ip 0.0.0.0
        set fmg-source-ip6 ::
        set local-cert ''
        unset ca-cert
        set vdom "root"
        set fmg-update-port 8890
        set fmg-update-http-header disable
        set include-default-servers enable
        set enc-algorithm high
        set interface-select-method auto
        set vrf-select 0
    end

To resolve the issue, change the type to 'fortiguard' (set type fortiguard) if FortiManager is not being used. The FortiManager-specific settings then disappear from the configuration:

    Galileo-kvm15 (central-management) # show full
    config system central-management
        set mode normal
        set type fortiguard
        set schedule-config-restore enable
        set schedule-script-restore enable
        set allow-push-configuration enable
        set allow-push-firmware enable
        set allow-remote-firmware-upgrade enable
        set allow-monitor enable
        set local-cert ''
        set vdom "root"
        set fmg-update-port 8890
        set fmg-update-http-header disable
        set enc-algorithm high
    end

If the error persists, enable 'fgfm-peercert-withoutsn' under Global Settings on FortiManager, then configure the FortiManager serial number on the FortiGate under the central-management configuration.
FortiManager:

    config system global
        set fgfm-peercert-withoutsn enable
    end

FortiGate:

    config system central-management
        set type fortimanager
        set serial-number <Serial Number>
    end

Notes:

- The command 'fgfm-peercert-withoutsn' has been removed from FortiManager v7.2.10/v7.4.6/v7.6.2. As a result, it is now a hard requirement that the certificate the FortiGate presents to FortiManager carries the FortiGate's local serial number in its CN= field. For more details, see the related articles below.
- If FortiManager is being used, ensure connectivity and confirm that TCP port 541 is reachable between the FortiGate and the FortiManager; 541 is the default port used by the FGFM protocol for communication between these devices. Run the CLI commands below on the FortiGate to check the connectivity status (X.X.X.X is the IP of FortiManager):

    diagnose sniffer packet any "host X.X.X.X" 4 0 l

  Run the commands below in another CLI window while the sniffer is running:

    execute ping X.X.X.X
    execute telnet X.X.X.X 541

- Verify the 'fgfm-allow-vm' setting under FortiManager:
    config system global
        set fgfm-allow-vm disable
    end

- The setting 'fgfm-allow-vm' is used in FortiManager to control the connection of VM platforms. It is configured under Global Settings in FortiManager and determines whether VM devices are permitted to register and communicate with FortiManager.
- Starting from FortiManager v7.4.7 and v7.6.3, this setting is disabled by default. The administrator must enable this setting to integrate VM devices. (Note: this command will restart the FGFM daemon on FortiManager, causing a short re-establishment of connections with all devices on the FortiManager.)
    config system global
        set fgfm-allow-vm enable
    end

  VM platforms affected:
  - FortiGate-VM
  - FortiAnalyzer-VM
  - FortiCarrier-VM
  - FortiProxy-VM
  - FortiFirewall-VM
- Once the virtual machine has been successfully added, this option can be disabled again (existing managed FortiGate VMs will not be affected if this option is disabled).
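A host-side check for the two FGFM preconditions covered in the notes above, namely that TCP 541 is reachable and that the certificate subject CN carries the expected serial number, is added here as an example; it is not part of the original article and not Fortinet tooling. It assumes that the FGFM session on TCP 541 is a plain TLS session whose server certificate carries the FortiManager serial number in its subject CN (the check the FortiGate's error message describes), that openssl and nc are available on the host running it, and it uses a hypothetical FortiManager address (192.0.2.10) and serial numbers (FMG-VMTM12345678, FGVM...). The same CN check applies to a custom certificate configured as 'local-cert' on the FortiGate, whose CN must equal the FortiGate serial number now that 'fgfm-peercert-withoutsn' is gone.

```shell
#!/bin/sh
# Added example (not Fortinet's code). Assumption: FGFM on TCP 541 is a TLS session
# and the peer certificate subject CN holds the device serial number.
# Requires openssl; nc is used only by the reachability check.

# Extract the CN value from an "openssl x509 -noout -subject" line. Handles both
# the "subject=C = US, CN = FMG-VM..." form (OpenSSL 1.1+) and the older
# "subject= /C=US/CN=FMG-VM..." form; prints nothing when there is no CN.
cn_from_subject() {
    printf '%s\n' "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p' | sed 's/[[:space:]]*$//'
}

# Return 0 when the subject CN equals the expected serial number, 1 otherwise.
# $1 = expected serial (as shown by 'get system status' on the peer), $2 = subject line.
serial_matches() {
    cn=$(cn_from_subject "$2")
    [ -n "$cn" ] && [ "$cn" = "$1" ]
}

# Is TCP 541 open on the FortiManager? Run from a host on the same path as the FortiGate.
fgfm_port_open() {
    nc -z -w 5 "$1" 541 >/dev/null 2>&1
}

# Fetch the certificate the FortiManager presents on 541 and print its subject line.
fmg_cert_subject() {
    openssl s_client -connect "$1:541" </dev/null 2>/dev/null | openssl x509 -noout -subject
}

# Subject line of a certificate file, e.g. a custom cert used as 'local-cert' on the FortiGate.
file_cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Interactive usage (hypothetical address and serials; not executed when sourced):
#   fgfm_port_open 192.0.2.10 && serial_matches FMG-VMTM12345678 "$(fmg_cert_subject 192.0.2.10)" \
#       && echo "FortiManager cert CN matches its serial"
#   serial_matches FGVMXXXXXXXXXXXX "$(file_cert_subject ./fgt-fgfm.pem)" \
#       && echo "local-cert CN matches the FortiGate serial"
```

If `serial_matches` fails against the certificate fetched from port 541 while the port itself is open, the value configured under 'set serial-number' on the FortiGate is the thing to compare against that CN; if it fails against the local certificate file, the certificate must be reissued with the FortiGate serial number as its CN before FortiManager will accept it.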
Related articles:
- Troubleshooting Tip: How to solve the error message 'Could not connect to the FortiManager to retrie...
- Technical Tip: Setup custom certificate for FGFM protocol
- Troubleshooting Tip: How to troubleshoot connectivity issues between FortiGate and FortiManager