Skip to main content
lincoln29
lincoln29
Explorer
September 13, 2024
Solved

Fortimanager could not add FTG device

  • September 13, 2024
  • 3 replies
  • 3149 views

When I add FGT v7.2.8 build1639 (Mature) in FGTM v7.2.6-build1632 240809 (GA) a Detect Failed message appears. Can anyone help me? Fortimanager does not ping Fortigate. Fortimanager does not ping Fortigate. They are on the same network. I configured allowed ping. 

Best answer by FortiArt

Please check this article that solve FGT FMG connectivity and communication:

 

https://community.fortinet.com/t5/FortiManager/Troubleshooting-Tip-How-to-troubleshoot-connectivity-issues/ta-p/192593

 

Hope this helps

3 replies

AEK
SuperUser
AEK
SuperUser
September 13, 2024

As long as ping is not working there is no communication. You need to fix it before doing the integration. It can have multiple causes like bad cable, wrong IP configuration ans so.

AEK
lincoln29
lincoln29Author
Explorer
September 13, 2024

FTGM already pings the FGT, but when I add the FGT to FTGM, an error occurs:
detect failed

 

PING FMG-VM64-KVM # exe ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1): 56 data bytes
764 bytes from 10.0.1.1: seq=0 ttl=255 time=1.345 ms
64 bytes from 10.0.1.1: seq=1 ttl=255 time=1.724 ms
64 bytes from 10.0.1.1: seq=2 ttl=255 time=0.735 ms
64 bytes from 10.0.1.1: seq=3 ttl=255 time=0.784 ms

 

FGT-1 # exe ping 10.0.1.2
PING 10.0.1.2 (10.0.1.2): 56 data bytes
64 bytes from 10.0.1.2: icmp_seq=0 ttl=64 time=1.1 ms
64 bytes from 10.0.1.2: icmp_seq=1 ttl=64 time=1.2 ms
64 bytes from 10.0.1.2: icmp_seq=2 ttl=64 time=1.3 ms
64 bytes from 10.0.1.2: icmp_seq=3 ttl=64 time=1.8 ms
64 bytes from 10.0.1.2: icmp_seq=4 ttl=64 time=1.2 ms

 

sw2090
SuperUser
sw2090
SuperUser
September 13, 2024

yes the error handling in FMG with adding new devices is indeed very poor. Fortinet should improve that. 

You only get such messages or similar but no actual error cause :(

 

You should make sure that FMG can reach the Device you want to add. Enable ping on the device's interface that you use to add it in FMG and check if FMG can ping it. If it cannot check cabling, policies, routing,... until ping works.

Also make sure that on the Device's interface FMG-Access is enabled (needed for FGFM protocol to work!). Also make sure that this is enabled ONLY on this device. I had cases here where it was on on more than the one interface and that kept fmg from adding the device.

FortiArt
Staff
FortiArtAnswer
Staff
September 13, 2024

Please check this article that solve FGT FMG connectivity and communication:

 

https://community.fortinet.com/t5/FortiManager/Troubleshooting-Tip-How-to-troubleshoot-connectivity-issues/ta-p/192593

 

Hope this helps

    lincoln29
    lincoln29Author
    Explorer
    September 15, 2024

    FGTM pings FGTS but I can't add the device. Could it be a license?
    Message:

     

    This site can't be reached


    Try:

    Check your connection
    Check your proxy and firewall
    Run Windows Network Diagnostics
    ERR_CONNECTION_TIMED_OUT

    Terms & ConditionsAccessibility statement