Skip to main content
jasonhong
Staff & Editor
jasonhong
Staff & Editor
February 17, 2025

Troubleshooting Tip: Unable to add VM into FortiManager due to 'Unsupported device model'

  • February 17, 2025
  • 0 replies
  • 10502 views
Description

This article describes how to troubleshoot the issue when the user cannot add a VM (FortiGate-VM/FortiCarrier-VM/ FortiProxy-VM/ FortiFirewall-VM) into FortiManager.
Scope FortiManager v7.2.10, v7.4.7, v7.6.3.
Solution
  1. Starting from FortiManager v7.2.10, v7.4.7, and v7.6.3, the connection between VM and FortiManager is restricted for security. By default, FortiManager will not allow VM platform connection in FGFM.

 

This applies to the following products:

  • FortiGate-VM.
  • FortiAnalyzer-VM.
  • FortiCarrier-VM.
  • FortiProxy-VM.
  • FortiFirewall-VM.

 

  1. The below sample scenario shows a user attempting to add FortiGate-VM into FortiManager (v7.2.10), but is prompted with a pop-up where FortiGate-VM cannot connect to FortiManager.

 

fgtdisable.png

 

On the FortiManager FGFM debug, FortiManager effectively rejects the FGFM connection from the FortiGate-VM device, and a response of 'Unsupported device model' can be seen.

 

   diagnose debug reset
   diagnose debug console timestamp enable
   diagnose debug application fgfmd -1
   diagnose debug enable

 

This debug can be used to verify the FGFM connection attempt and observe the rejection behavior, including messages such as 'Unsupported device model'.

 

Request [/bin/fgfmsd:3207:1]:

{ "client": "\/bin\/fgfmsd:3207", "id": 1, "method": "exec", "params": [{ "data": { "create_unreg": 1, "device": { "beta": -1, "branch_pt": 1706, "build": 1706, "conn_mode": 0, "dev_status": 0, "faz.perm": 15, "flags": 1, "hostname": "FortiGate-VM", "ip": "10.47.XXX.XXX", "maxvdom": 10, "mgmt_mode": 1, "mgmt_uuid": "00000000-0000-0000-0000-000000000000", "mr": 2, "name": "Tiara-kvm05", "os_type": 0, "os_ver": -1, "patch": 10, "platform_id": -1, "platform_str": "FortiGate-VM64-KVM", "sn": "FGVM01TMXXXXXX", "source": 1, "tab_status": "<unknown>", "version": 700}, "from": 1}, "url": "dvm\/cmd\/manage\/device"}], "session": -1}

Response [unknown]:

{ "id": 1, "result": [{ "status": { "code": -20026, "message": "Unsupported device model"}, "url": "dvm\/cmd\/manage\/device"}]}

 

diagnose debug disable

 

  1. To allow VM platform connection in FGFM, enter the following command in the FortiManager CLI (Note: this command will restart the FGFM daemon on FortiManager, causing a short re-establishment of connections with all devices on the FortiManager):

 

config system global

    set fgfm-allow-vm enable

end

 

Note:

The FortiGate tries to register with the FortiManager cloud, but if the fgfm-deny-unknown setting is enabled, the FortiManager Cloud cannot accept the request from the FortiGate. Disable the fgfm-deny-unknown on the FortiManager Cloud.

 

config system global

    set fgfm-deny-unknown disable

end

 

  1. Subsequently, FortiManager will allow the FGFM connection from the respective VM device, and the VM device will appear under the Unauthorized List in FortiManager Device Manager. Users can then authorize the VM device to be fully managed by FortiManager.

 

fgtenabled.png

 

unathdev.png

 

Related article:

Troubleshooting Tip: How to troubleshoot connectivity issues between FortiGate and FortiManager
    Terms & ConditionsAccessibility statement