Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
spoojary
Staff
Staff

Created on ‎05-09-2025 05:31 AM Edited on ‎12-04-2025 07:52 AM By Community Manager

Article Id 391085

Technical Tip: Error on GUI 'Could not connect to the FortiManager to retrieve its serial number'

Description This article describes the prompt received on the GUI of the FortiGate 'Could not connect to the FortiManager to retrieve its serial number'.
Scope FortiGate v7.6.x.
Solution

The following error is observed on the FortiGate, even though FortiManager is not used.

 

Message:

 

Verify FortiManager Serial Number
The FortiManager's access to the FortiGate will be authenticated by the FortiManager certificate. The serial number from the certificate must match the serial number observed on the FortiManager.
Could not connect to the FortiManager to retrieve its serial number

 

Screenshot 2025-05-08 103308.png

 

This happens because the central management was set to type FortiManager.

 

Galileo-kvm15 (central-management) # show full
config system central-management
    set mode normal
    set type fortimanager
    set schedule-config-restore enable
    set schedule-script-restore enable
    set allow-push-configuration enable
    set allow-push-firmware enable
    set allow-remote-firmware-upgrade enable
    set allow-monitor enable
    unset serial-number
    set fmg "sid.fortiddns.com"
    set fmg-source-ip 0.0.0.0
    set fmg-source-ip6 ::
    set local-cert ''
    unset ca-cert
    set vdom "root"
    set fmg-update-port 8890
    set fmg-update-http-header disable
    set include-default-servers enable
    set enc-algorithm high
    set interface-select-method auto
    set vrf-select 0
end

 

To resolve the issue, change the type to FortiGuard if FortiManager is not being used.

 

Galileo-kvm15 (central-management) # show full
config system central-management
    set mode normal
    set type fortiguard

    set schedule-config-restore enable
    set schedule-script-restore enable
    set allow-push-configuration enable
    set allow-push-firmware enable
    set allow-remote-firmware-upgrade enable
    set allow-monitor enable
    set local-cert ''
    set vdom "root"
    set fmg-update-port 8890
    set fmg-update-http-header disable
    set enc-algorithm high
end

 

If this error still shows, then on FortiManager, enable the fgfm-peercert-withoutsn under global settings and configure the FortiManager serial number on FortiGate under central-management config.

 

Note: 

The command fgfm-peercert-withoutsn has been removed from FortiManager v7.2.10/v7.4.6/v7.6.2. As a result, it is now a hard requirement for the FortiGate to present the local serial number inside the of the CN= field of the certificate it is presenting to the FortiManager. For more details, see the related articles below.


If FortiManager is being used, ensure connectivity and confirm that port 541 is reachable between the FortiGate and the FortiManager, as port 541 is the default used by the FGFM protocol for communication between these devices.

 

Related articles:

Troubleshooting Tip: How to solve the error message 'Could not connect to the FortiManager to retrie...

Technical Tip: Setup custom certificate for FGFM protocol
2541
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.