rsondal
Staff
Article Id 329533
Description This article describes how to authorize FortiGate to FortiEMS Cloud.
Scope FortiEMS 7.2.4, FortiGate 7.2.8.
Solution
  1. Trying to enable EMS cloud with a brand new setup will generate an error stating that the cloud is 'unreachable'.

  2. Checking the output of the following command in the FortiGate CLI returns the error shown below:

execute fctems verify <EMS name> (this verifies FortiGate to FortiClient EMS connectivity)


execute fctems verify 1
Error in requesting EMS fabric connection: -1
issue in getting capabilities. EMS server was not reached (timeout)
Error (-1@_get_capabilities:446).

 

  3. Additionally, the output of the following command will produce the error shown below:

diagnose endpoint fctems test-connectivity <EMS> (this tests connectivity between FortiGate and EMS)

 

diagnose endpoint fctems test-connectivity 1
Connection test had an error -1: EMS server was not reached (timeout)

 

  4. Checking the debug outputs will show the same timeout error:

diagnose debug app fcnacd -1
diagnose endpoint filter show-large-data yes
diagnose debug enable

 

error info: Error (ec_ems_rest_api_preprocess_result:66). CURL error: (28)Timeout was reached. (_process_pub_addr,751)Issue in pre-processing the result

 

  5. To get rid of this error, follow these steps:
     1. Run the following commands:

diag debug application update -1
diag debug enable
exec update-now

 

     2. Run the following:

execute fctems verify 1

 

After running the command above, a certificate prompt will appear and ask for confirmation of the server certificate. When configuring a new connection to an EMS server, the certificate might not be trusted.

 

EMS configuration needs user to confirm server certificate.
Do you wish to add the above certificate to trusted remote certificates? (y/n)y

 

     3. After pressing Y, make sure to authorize the FortiGate on the FortiEMS cloud server.

     4. After running these commands, refresh the connection with the EMS Cloud. It should now connect successfully.
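
An added example, not part of the original article or Fortinet's tooling: a Python triage of captured CLI output that recognizes the error strings quoted above and names the step of this procedure that applies. The function name `triage`, the state labels and the two sample logs are assumptions constructed for illustration.

```python
import re

# Constructed capture: the failure output quoted in the article, as one session log.
TIMEOUT_LOG = """\
execute fctems verify 1
Error in requesting EMS fabric connection: -1
issue in getting capabilities. EMS server was not reached (timeout)
Error (-1@_get_capabilities:446).
error info: Error (ec_ems_rest_api_preprocess_result:66). CURL error: (28)Timeout was reached. (_process_pub_addr,751)Issue in pre-processing the result
"""
# Constructed capture: the prompt the article shows after the update step.
CERT_LOG = """\
execute fctems verify 1
EMS configuration needs user to confirm server certificate.
Do you wish to add the above certificate to trusted remote certificates? (y/n)
"""

# Matches "Error (-1@_get_capabilities:446)" and "Error (ec_..._result:66)".
ERR_SITE = re.compile(r"Error \((?:(-?\d+)@)?(\w+):(\d+)\)")
CURL_ERR = re.compile(r"CURL error: \((\d+)\)")
TIMEOUT_TEXT = "EMS server was not reached (timeout)"
CERT_TEXT = "EMS configuration needs user to confirm server certificate."
CURLE_OPERATION_TIMEDOUT = 28  # libcurl's code for "Timeout was reached"


def triage(log):
    """Classify one captured session and name the article step that applies."""
    sites = [(m.group(2), int(m.group(3))) for m in ERR_SITE.finditer(log)]
    curl_codes = [int(c) for c in CURL_ERR.findall(log)]
    # The certificate prompt is checked first: it appears only after the
    # timeout has been cleared, so it reflects the later state of the session.
    if CERT_TEXT in log:
        state, step = "cert-prompt", "confirm the certificate, then authorize the FortiGate on EMS Cloud"
    elif TIMEOUT_TEXT in log or CURLE_OPERATION_TIMEDOUT in curl_codes:
        state, step = "timeout", "run 'exec update-now', then 'execute fctems verify' again"
    elif sites or curl_codes:
        state, step = "other-error", "not covered by this article"
    else:
        state, step = "no-error-seen", "refresh the EMS Cloud connection"
    return {"state": state, "sites": sites, "curl": curl_codes, "next": step}


if __name__ == "__main__":
    for name, log in (("timeout", TIMEOUT_LOG), ("cert", CERT_LOG)):
        print(name, triage(log))
```
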

 

Related document:

Establish connectivity on the EMS connector - FortiGate public cloud documentation