FortiGate
nverma
Staff
Article Id 231999
Description This article explains how to resolve a connectivity issue between an Azure or AWS FortiGate and an EMS or FortiManager that occurs when the 'Fortinet_Factory' certificate shows the name 'FortiGate' instead of the name of the device.
Scope FortiGate.
Solution

Since FortiGate for AWS and FortiGate for Microsoft Azure are on-demand models, they receive the virtual machine license from FortiCare during the bootup process.

 

In some cases, the 'Fortinet_Factory' certificate CN shows as 'FortiGate' instead of the name of the device. This results in a connectivity issue between the FortiGate and the EMS or FortiManager due to a certificate validation failure.

 



This occurs intentionally, as FortiGate virtual machines with no specific S/N certificate cannot establish a fabric connector to an EMS.

 

To resolve this issue, manually download the virtual machine license on the FortiGate with the following command (this updates the 'Fortinet_Factory' certificate CN with the serial number of the FortiGate):

 

 

dia deb vm-print-license

SerialNumber: FGVMXXXXXXXX <----- To find the serial number.

 

exec vm-license <FGT SN> <----- Use the Serial Number from above.

This operation will reboot the system !

Do you want to continue? (y/n)y

 

Note:

This command will reboot the device. It is recommended to run it during a maintenance window or outside of business hours to avoid impact on services.

 

This command cannot be used on an on-prem VM; it returns the error 'Forticare response error 57'.
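To confirm the condition before the relicense and the fix after it, the following added example (not part of the original article and not Fortinet tooling) compares the CN of the 'Fortinet_Factory' certificate with the serial number reported by vm-print-license. It assumes the certificate subject is available as an OpenSSL-style subject line; the subject strings are constructed samples and the function names are hypothetical.

```python
import re

GENERIC_CN = "FortiGate"  # placeholder CN described in the article

def subject_cn(subject):
    """Return the CN from an OpenSSL-style subject line, or None.

    Handles both 'C = US, ..., CN = x' and '/C=US/.../CN=x' layouts.
    Only the CN attribute is read: a substring search for 'FortiGate'
    would also match an OU value and give a false positive.
    """
    body = subject.split("subject=", 1)[-1].strip()
    for part in re.split(r"\s*[,/]\s*", body):
        key, sep, value = part.partition("=")
        if sep and key.strip().upper() == "CN":
            return value.strip()
    return None

def license_serial(vm_print_license_output):
    """Extract the value of the 'SerialNumber:' line shown in the article."""
    m = re.search(r"^\s*SerialNumber:\s*(\S+)", vm_print_license_output, re.M)
    return m.group(1) if m else None

def check(subject, vm_print_license_output):
    """Classify the certificate: 'generic-cn', 'ok', 'mismatch' or 'no-cn'."""
    cn = subject_cn(subject)
    serial = license_serial(vm_print_license_output)
    if cn is None:
        return "no-cn"
    if cn == GENERIC_CN:
        return "generic-cn"   # the state in which EMS/FortiManager validation fails
    if serial is not None and cn == serial:
        return "ok"           # CN now carries the serial number
    return "mismatch"

# Constructed samples (assumed layout; serial is the article's placeholder).
LICENSE_OUTPUT = "SerialNumber: FGVMXXXXXXXX\n"
GENERIC_SUBJECT = ("subject= /C=US/ST=California/O=Fortinet/OU=FortiGate"
                   "/CN=FortiGate/emailAddress=support@example.com")
SERIAL_SUBJECT = ("subject=C = US, ST = California, O = Fortinet, "
                  "OU = FortiGate, CN = FGVMXXXXXXXX, "
                  "emailAddress = support@example.com")

if __name__ == "__main__":
    for label, subj in (("before", GENERIC_SUBJECT), ("after", SERIAL_SUBJECT)):
        print(label, subject_cn(subj), check(subj, LICENSE_OUTPUT))
```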

 

Related article:

Upload FortiGate VM license