Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Anonymous
Not applicable

Created on ‎09-14-2023 12:34 AM Edited on ‎09-23-2025 01:12 AM By Community Manager

Article Id 273578

Technical Tip: FortiGate Central Management: FortiGate Cloud connection status 'Not Managed'

Description This article describes how to remedy when the FortiGate Central Management: FortiGate Cloud connection status shows 'Not Managed'.
Scope FortiGate.
Solution

The connection status 'Not Managed' indicates that the FortiGate is not connected to the FortiCloud manager server.

 

Not managed.png


fortigate cloud- Not activated.png

 

  1. Make sure that FortiGate is under the Product Lists of the FortiCloud Account. Sometimes, FortiGate can be under decommissioned units. In this case, the FortiGate unit should be moved back to the Product Lists:


Forticloud.png

 

  1. At the FortiGate end, make sure FortiGate is logged in to the proper FortiCloud account and the correct region is configured on both ends.

     

    europe location.png

     

  2. Even with the FortiGate cloud status Activated, the Central management status cannot be Managed.

     

    fortigate cloud status.png

     

  3. Validate the rating status using the below command:

diagnose debug rating

 

  1. If the output shows the flags as F for all the servers, as below indicates 'F=Failed: The server is down'.

 

rating.png

 

Validate the FortiGate connection status to FortiGuard servers.

 

unable to connect to fortiguard.png

 

If the error 'Unable to connect to FortiGuard servers.' is displayed as above, troubleshoot further to fix the FortiGuard reachability issue. Refer to the article below for the same: Troubleshooting Tip: Unable to connect to FortiGuard servers

 

Post fixing the FortiGuard reachability issue, validate the Management connection status.

 

  1. Check the DNS settings and make sure that the DNSs are not 'Unreachable':
                                                                     

1.jpg     

From the Firewall CLI:

 

config system dns

    set primary 96.45.45.45
    set secondary 96.45.46.46
    set protocol dot      <----- Set protocol cleartext.
    set interface-select-method specify      <----- Set interface-select-method auto.
    set interface "port3"

end

 

config system dns

    set primary 96.45.45.45
    set secondary 96.45.46.46
    set protocol cleartext
    set interface-select-method auto 

end

 

2.jpg

 

After the DNS comes up, the connection status will show 'connected'.

 

If the above commands do not resolve the issue and logs are still not sent to the FortiCloud, restart the FortiGate log daemon by running the command:

 

fnsysctl killall forticldd

 

For the central-management, traffic on port 541 needs to be allowed on the upstream device.

To confirm if TCP 541 connection between the FortiGate and FortiCloud is working, run a packet capture in FortiGate while executing the following command:

 

fnsysctl killall fgfmd

 

To capture the relevant packets, run below CLI commands below or use the Packet Capture feature on the GUI.

 

CLI:

 

diagnose sniffer packet any 'port 541' 4 0 l

 

Or:

 

diagnose sniffer packet any 'port 541' 6 0 l

 

If the issue persists, create a Technical Support ticket of type FortiGate: Fortinet Support.

 

For example, when running the following debug commands on the Firewall:

 

diagnose debug console time enable
diagnose debug application forticldd -1
diagnose fdsm contract-controller-update
diagnose debug enable
diagnose debug application fgfmd -1
fnsysctl killall fgfmd

 

If the output shows 'fgfm_fqdn_connect fail', it means the connection issue between the Firewall and FortiGuard:

 

"...

2025-08-29 11:36:32 FGFMs: Timeout for sock.
2025-08-29 11:36:33 FGFMs: __session_cb,113: fgfm_fqdn_connect fail.
2025-08-29 11:36:33 FGFMs: Cleanup session 0xa48d1b0, 173.243.132.118.
2025-08-29 11:36:33 FGFMs: Destroy session 0xa48d1b0, 173.243.132.118.

..."

 

The packet sniffer shows it is because of the MTU issue on the Firewall's WAN interfaces:

 

Screenshot3.png

  

After changing the MTU value, it fixed the issue:

 

config system interface

    edit <port_ID>

        set mtu-override enable

        set mtu 1460

    end

 

The debug shows 'fgfm_fqdn_connect successful':

 

 "...

2025-09-12 09:58:21 FGFMs: client:
reply 200
overwrite_fmgid=1
request=ip
ip=169.254.96.102
mgmtid=842317588
register_status=1


2025-09-12 09:58:21 FGFMs: tun_fgfm device opened for (169.254.96.102)
2025-09-12 09:58:21 FGFMs: setting session 0xa48d1b0 exclusive=0
2025-09-12 09:58:21 FGFMs: __session_cb,117: fgfm_fqdn_connect succcesful.
2025-09-12 09:58:31 FGFMs: client:send:

 ..."

 

The packet sniffer also reflected the results:

 

Screenshot4.png

Reprovision FortiGate Device in FortiCloud. If all the steps above are correct, try to reprovision the FortiGate in FortiCloud. De-provision the FortiGate

 

deprovision.png

 

Reprovision the FortiGate:

 

reprovision.png

 

Re-enter the FortiGate Cloud credentials under Security Fabric -> Fabric connectors -> Central management.

 

Related articles:

Technical Tip: FortiGuard Flags and Meanings

Troubleshooting Tip: Unable to connect to FortiGuard servers
Labels:
12950
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.