microivans
New Member
June 13, 2020
Question

Unable to add a model device by serial number (But Success when using Discover and PSK)


Hi guys,

 

I am testing adding new FGTs on FMG. Here are the models I am using:

 

FMG-VM64-KVM 6.2.5 and FortiOS-VM64-KVM 6.2.3. Both are Free Trial.

 

I have tried using the Discover Wizard and PSK to add FGTs, and they work fine. But when I use the SN, it fails.

 

Debug information shown on FMG:

 

Request:
{ "client": "dmserver:548", "id": 384, "method": "exec", "params": [{ "data": { "device": 134, "force": 0}, "target start": 3, "url": "start\/tunnel"}], "root": "fgfm"}
FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:send:
put auth
user=admin
passwd=******

FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:
reply 501
request=auth

Response:
{ "id": 384, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
Response:
{ "id": 384, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}

 

 

Has anyone encountered the same issue before? I am guessing the admin password on FMG does not match the one on the FGT. But I have already tried several times to modify the password, with the same result.

Here are some of my reference links:

https://docs.fortinet.com/document/fortimanager/6.2.0/administration-guide/615344/adding-a-model-device

https://kb.fortinet.com/kb/documentLink.do?externalID=FD48001

https://forum.fortinet.com/m/tm.aspx?m=177241&p=2

 

My current configuration:

 

FMG:

 

FMG-VM64-KVM # show system global
config system global
    set adom-status enable
    set enc-algorithm low
    set fgfm-ssl-protocol tlsv1.0
    set usg enable
end

 

FGT:

 

TEST # show system central-management
config system central-management
    set type fortimanager
    set fmg "192.168.236.99"
    set fmg-source-ip 192.168.236.100
    set enc-algorithm default
end

    1 reply

    neonbit
    New Member
    June 14, 2020

    I have a feeling that the FMG won't let you add the FGT VM trial SN to the device. By trial I'm assuming you're talking about a brand new VM with no license loaded?

     

    I'd recommend you request a 60-day trial license for the FGT, it will provide it with a real SN which should work.

    microivans
    New Member
    June 14, 2020

    neonbit wrote:

    I have a feeling that the FMG won't let you add the FGT VM trial SN to the device. By trial I'm assuming you're talking about a brand new VM with no license loaded?

     

    I'd recommend you request a 60-day trial license for the FGT, it will provide it with a real SN which should work.

    Thanks neonbit for the advice. Yes, I haven't loaded any licence onto the FGT. Let me try it and update here.

    microivans
    New Member
    November 30, 2020

    Just found the answer.

     

    By default, FMG will use the username admin and an empty password to build the FGFM tunnel. But if you log in to the FGT to add a basic config, you are forced to change the default (empty) password. Two methods to solve the issue:

     

    1. Use USB to load basic config.

    2. Create another super user on FGT and delete the password of user 'admin'.
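
An added example, not part of the thread and not Fortinet code: a small Python triage script that reads FMG debug output in the shape posted in the question and reports each device whose FGFM `auth` request was answered with `reply 501`, together with the JSON API error for the same request. Reading `reply 501` on `request=auth` as a credential refusal is an assumption based on the answer above; `triage` and `FGFM_HDR` are names made up for this example.

```python
import json
import re

# Debug lines copied from the question above (serial and IP as posted).
SAMPLE = r'''Request:
{ "client": "dmserver:548", "id": 384, "method": "exec", "params": [{ "data": { "device": 134, "force": 0}, "target start": 3, "url": "start\/tunnel"}], "root": "fgfm"}
FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:send:
put auth
user=admin
passwd=******
FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:
reply 501
request=auth
Response:
{ "id": 384, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
'''

# Header of an FGFM debug block: FGFMs(<serial>-<device id>-<ip>):
FGFM_HDR = re.compile(r'^FGFMs\((?P<sn>[A-Z0-9]+)-(?P<devid>\d+)-(?P<ip>[\d.]+)\):')

def triage(text):
    """Return (auth refusals per device, JSON API errors keyed by request id)."""
    users, findings, api_errors = {}, [], {}
    sn = reply = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FGFM_HDR.match(line)
        if m:                                   # new FGFM block for a device
            sn, reply = m["sn"], None
        elif line.startswith("{"):              # JSON request or response
            sn = None
            doc = json.loads(line)
            for res in doc.get("result", []):
                st = res.get("status", {})
                if st.get("code"):              # non-zero status code = error
                    api_errors[doc["id"]] = (res.get("url"), st.get("message"))
        elif sn and line.startswith("user="):   # user FMG sent in "put auth"
            users[sn] = line.split("=", 1)[1]
        elif sn and line.startswith("reply "):
            reply = line.split()[1]
        elif sn and line == "request=auth" and reply == "501":
            # Assumption: 501 on the auth request means the FGT refused the login.
            findings.append({"serial": sn, "user": users.get(sn), "reply": reply})
    return findings, api_errors

if __name__ == "__main__":
    print(triage(SAMPLE))
```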