Explorer II

Question

Unable to register Fortigate with Fortimanager

Forum|Forum|9 months ago
August 22, 2025
4 replies
1449 views

Dear All,

I tried a lot but unable to register Fortigate with Fortimanager.

Please note that I am using Fortigate Version: FortiGate-VM64-KVM v7.0.3,build0237,211207 (GA) and Fortimanager Version : v7.2.10-build1682 250211 (GA).

FMG ========================================

Fortigate to Fortimanager reachability is fine.

FMG # execute ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: seq=0 ttl=255 time=2.953 ms
64 bytes from 192.168.10.1: seq=1 ttl=255 time=3.292 ms
64 bytes from 192.168.10.1: seq=2 ttl=255 time=3.024 ms
64 bytes from 192.168.10.1: seq=3 ttl=255 time=2.750 ms

--- 192.168.10.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 2.750/3.004/3.292 ms

FMG #

FMG # config system global

(global)# show
config system global
set enc-algorithm low
set hostname "FMG"
set ssl-protocol tlsv1.0
set usg enable
end

(global)#

===========================================================

Fortigate

==========================================================

FGT (global) # show
config system global
set alias "FortiGate-VM64-KVM"
set hostname "FGT"
set ssl-min-proto-version TLSv1
set timezone 04
end

FGT (global) #

FGT (central-management) # show
config system central-management
set type fortimanager
set fmg "192.168.10.2"
set fmg-source-ip 192.168.10.1
end

FGT (central-management) #

Debug logs =====================================on Fortimanager

FMG # diagnose debug application fgfm 255
fgfmsd debug filter: disable

FMG # diagnose debug enable

FMG # FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
^CFGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.

FMG # FMG setting.png

The moment I click on Ok then I got popup like Waiting for management confirmation from FortiManager administrator. Once confirmed full control of this FortiGate will be granted to at 192.168.10.2.

Then I click on OK button. after few seconds automatically Fortigate firewall gets logout.

Please help me to resolve the issue.

FortiGate

UmeshAuthor

Explorer II

SSL handshak failure between fortimanager and Fortigate.png

I found SSL handshake failure, Need your suggestion

ozkanaltas

Valued Contributor III

Hello Umesh,

Do your FortiGate and FortiManager have a valid license? Or are they just having an eval license?

UmeshAuthor

Explorer II

Hi ozkanaltas,

No, Both fortigate and Fortimanger are evaluation license only.

and both are registered with support portal.

Can you please tell me why I am not able to registered fortigate with Fortimanager.

you can see that getting SSL handshake error while capturing the packet capture.

your answer would be much applicable.

thanks

ozkanaltas

Valued Contributor III

Hi @Umesh ,

The problem might be related to the trial license. Fortigate trial versions have a lower SSL level.

You might want to try this. As far as I can see, your Fortigate version is 7.0. Could you try installing Fortigate with a 7.2 version as well?

gstefou

Explorer

Hi umesh,

There's an option for FMG-Access on the interface you have the FMG connected to, i have seen that creating some weird problems when it's not enabled.

If your FMG is setup outside your network, you need to check this option on your internet faced interface (WAN).

Can you provide some insights on the way you have the FMG connected on your firewall ?

UmeshAuthor

Explorer II

No Fortigate is directly connected with fortimanger then also it is not getting registered.

FYI - Both fortigate and Fortimanger are evaluation license only.

gstefou

Explorer

Do you have the FMG-Access enabled on the interface the fortimanager is connected to ? You may need to enable the Fortinet Security Fabric option.

The evaluation license should be enough for you to connect the Firewall with ForitManager.

Found this article on the web that may help you -> https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiManager-VM-Trial-License-and-FortiGate/ta-p/336811

Note that when you connect your FGT to FMG, you need to connect to your FMG and authorize the Firewall from the Root ADOM you have created.

Do you mind sharing a screenshot of the FMG when trying to connect the Firewall ?

omis

New Member

I have the same issue.

even though I configured both fortimanager and fortigate to use TLSV1, but Foortimanager for some reason keeps trying to establish connection with TLSV1.3 which you can see in the logs :
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 errorFGFMs:

ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded