Skip to main content
Arif69
Staff
Arif69
Staff
December 4, 2025

Troubleshooting Tip: Unreg_Dev_Opt command overwrites the Fgfm-Deny-Unknown command

  • December 4, 2025
  • 0 replies
  • 382 views
Description This article describes why FortiManager is unable to add FortiGate even when Fgfm-Deny-Unknown is disabled.
Scope FortiManager.
Solution

It is not possible to add FortiGate into FortiManager, and it shows as follows in the fgfm debug:

 

diagnose debug application fgfmsd 255

diagnose debug enable

...

...

FGFMs(probing...): __get_handler:1057: sn matchedFGFMs(probing...): __get_handler: serialno in peer cert is <FGVM4VTMXXXXXXXX>
FGFMs(probing...): fgfm_get_inst_info,105: serial=, devid=0, revision=0, timestamp=0.
Request [/bin/fgfmsd:1414:1750]:
{ "client": "\/bin\/fgfmsd:1414", "id": 1750, "method": "exec", "params": [{ "data": { "create_unreg": 1, "device": { "beta": -1, "branch_pt
": 1740, "build": 1740, "conn_mode": 0, "dev_status": 0, "faz.perm": 15, "flags": 1, "hostname": "vm-A", "ip": "20.211.88
.167", "maxvdom": 2, "mgmt_mode": 1, "mgmt_uuid": "00000000-0000-0000-0000-000000000000", "mr": 2, "name": "vm-A", "os_ty
pe": 0, "os_ver": -1, "patch": 11, "platform_id": -1, "platform_str": "FortiGate-VM64-AZURE", "sn": "FGVM4VTMXXXXXXXX", "source": 1, "tab_st
atus": "<unknown>", "version": 700}, "from": 1}, "url": "dvm\/cmd\/manage\/device"}], "session": -1}
Response [unknown]:
{ "id": 1750, "result": [{ "status": { "code": -20012, "message": "Unregistered device ignored"}, "url": "dvm\/cmd\/manage\/device"}]}
FGFMs(probing...): Cleanup session 0x55d3cdcc3e60, 20.211.88.167.
FGFMs(probing...): Destroy session 0x55d3cdcc3e60, 20.211.88.167.
FGFMs(FG6H0ETBXXXXXXXX-20038-10.248.200.78): server:
get file_exchange
localid=2802
chan_window_sz=32768
deflate=gzip
file_exch_cmd=put_json_cmd

 

The 'Unregistered device ignored' error is usually due to fgfm-deny-unknown enable in FortiManager:

 

show system global

set fgfm-deny-unknown enable

end

 

However, in certain cases, the fgfm-deny-unknown command is already disabled, but FortiManager still shows the 'Unregistered device ignored'. 

 

Further checking shows the following setting in FortiManager:

 

show system admin setting

set unreg_dev_opt ignore

end

 

The command unreg_dev_opt ignore will overwrite the fgfm-deny-unknown disable command. Hence, FortiManager is not able to add the FortiGate.

 

After changing the following settings, FortiManager can add the FortiGate:

 

config system admin setting

set unreg_dev_opt add_allow_service

end
    Terms & ConditionsAccessibility statement