Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Anonymous
Not applicable

Created on ‎09-14-2023 12:34 AM Edited on ‎08-04-2025 10:19 PM By Moderator

Article Id 273578

Technical Tip: FortiGate Central Management: FortiGate Cloud connection status 'Not Managed'

Description This article describes how to remedy when the FortiGate Central Management: FortiGate Cloud connection status shows 'Not Managed'.
Scope FortiGate.
Solution

The connection status 'Not Managed' indicates that the FortiGate is not connected to the FortiCloud manager server.

 

Not managed.png


fortigate cloud- Not activated.png

 

  1. Make sure that FortiGate is under the Product Lists of the FortiCloud Account. Sometimes, FortiGate can be under decommissioned units. In this case, the FortiGate unit should be moved back to the Product Lists:


Forticloud.png

 

  1. At the FortiGate end, make sure FortiGate is logged in to the proper FortiCloud account and the correct region is configured on both ends.

     

    europe location.png

     

  2. Even with the FortiGate cloud status Activated, the Central management status cannot be Managed.

     

    fortigate cloud status.png

     

  3. Validate the rating status using the below command:

diagnose debug rating

 

  1. If the output shows the flags as F for all the servers, as below indicates 'F=Failed: The server is down'.

 

rating.png

 

Validate the FortiGate connection status to FortiGuard servers.

 

unable to connect to fortiguard.png

 

If the error 'Unable to connect to FortiGuard servers.' is displayed as above, troubleshoot further to fix the FortiGuard reachability issue. Refer to the below article for the same: Troubleshooting Tip: Unable to connect to FortiGuard servers.

 

Post fixing the FortiGuard reachability issue, validate the Management connection status.

 

  1. Check the DNS setting and make sure that the DNSs are not 'Unreachable':
                                                                     

1.jpg     

From the Firewall CLI:

 

config system dns

    set primary 96.45.45.45
    set secondary 96.45.46.46
    set protocol dot      <----- Set protocol cleartext.
    set interface-select-method specify      <----- Set interface-select-method auto.
    set interface "port3"

end

 

config system dns

    set primary 96.45.45.45
    set secondary 96.45.46.46
    set protocol cleartext
    set interface-select-method auto 

end

 

2.jpg

 

After the DNS comes up, the connection status will show 'connected'.

 

If the above commands do not resolve the issue and logs are still not sent to the FortiCloud, restart the FortiGate log daemon by running the command:

 

fnsysctl killall forticldd

 

For the central-management, traffic on port 541 needs to be allowed on the upstream device.

To confirm if TCP 541 connection between the FortiGate and FortiCloud is working, run a packet capture in FortiGate while executing the following command:

 

fnsysctl killall fgfmd

 

To capture the relevant packets, run below CLI commands below or use the Packet Capture feature on the GUI.

 

CLI:

 

diagnose sniffer packet any 'port 541' 4 0 l

 

Or:

 

diagnose sniffer packet any 'port 541' 6 0 l

 

GUI:

Packet Capture on FortiOS GUI

 

If the issue persists, create a Technical Support ticket of type FortiGate: Fortinet Support.

 

Related articles:

Technical Tip: FortiGuard Flags and Meanings

Troubleshooting Tip: Unable to connect to FortiGuard servers
Labels:
12250
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.