FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains how to resolve a connectivity issue between an Azure or AWS FortiGate and an EMS that occurs where a 'Fortinet_Factory' certificate shows with the name 'FortiGate' instead.
Scope
FortiGate.
Solution
Since FortiGate for AWS and FortiGate for Microsoft Azure on-demand models, they receive the virtual machine from FortiCare during the bootup process.
In some cases, the 'Fortinet_Factory' certificate CN shows as 'FortiGate' instead of the name of the device. This results in a connectivity issue between the FortiGate and the EMS due to a certificate validation failure.
This occurs intentionally, as FortiGate virtual machines with no specific S/N certificate cannot establish a fabric connector to an EMS.
To resolve this issue, manually download the virtual machine license with the following command:
# exec vm-license
Note: This command will reboot the device. It is recommended to run this during the maintenance window or outside of business hours to avoid impact to services.
