FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
farhanahmed
Staff
Article Id 291365
Description

 

The article describes how to automatically authorize devices in FortiManager.

Scope

 

FortiManager.

 

Solution

 

When the central management configuration is set on a FortiGate, the FortiGate appears in FortiManager as an 'Unauthorized device' and must then be authorized. To avoid authorizing each device manually, this process can be automated in FortiManager.

 

  1. Make sure that communication between FortiGate and FortiManager on TCP port 541 is working and that FGFM-Access is enabled on the FortiGate interface. For FGFM connection troubleshooting, refer to Troubleshooting Tip: How to troubleshoot connectivity issues between FortiGate and FortiManager.

  2. Check FortiManager. At this point there is no device in Device Manager yet.

 

  3. In FortiManager, enable the following configuration and set a registration password. FortiGates use this password to get authorized, so any device that presents it is authorized without manual approval:

config system admin setting
    set allow_register enable
    set register_passwd <password>
    set unreg_dev_opt add_allow_service
end

 

  4. On FortiGate, run the following commands to add the central management config and to make the FortiGate register to FortiManager:

config system central-management
    set type fortimanager
    set fmg <FMG IP>
end

exe central-mgmt register-device <FMG serial> <password set in FMG>

 

  5. The FortiGate now appears as authorized in the FortiManager Device Manager.

 

Note:

Devices are authorized only in the 'root' ADOM. They can then be moved to any other ADOM.
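
Because the `config system admin setting` options above let devices be authorized without manual review, it is useful to be able to tell from a saved configuration whether they are switched on. The following is an added example, not part of the original article and not Fortinet code: it parses CLI-style configuration text and reports the state of those three settings. The sample text, the `hostname` value and the function names are constructed for illustration.

```python
# Constructed sample: the FortiManager settings from the article plus one
# unrelated block, as they might appear in a saved configuration file.
SAMPLE_CONFIG = """\
config system global
    set hostname FMG-LAB
end
config system admin setting
    set allow_register enable
    set register_passwd <password>
    set unreg_dev_opt add_allow_service
end
"""


def parse_blocks(text):
    """Map each 'config ...' path to its {setting: value} pairs."""
    blocks, stack = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 2)
        if not parts:
            continue
        keyword = parts[0]
        if keyword in ("config", "edit"):
            # Nested blocks are tracked so a 'set' is never credited
            # to the wrong section.
            name = " ".join(parts[1:])
            stack.append(name if keyword == "config" else "edit " + name)
            blocks.setdefault(" / ".join(stack), {})
        elif keyword in ("end", "next") and stack:
            stack.pop()
        elif keyword == "set" and stack and len(parts) == 3:
            blocks[" / ".join(stack)][parts[1]] = parts[2]
    return blocks


def audit_auto_authorization(config_text):
    """Report whether devices can be authorized without manual review."""
    setting = parse_blocks(config_text).get("system admin setting", {})
    return {
        "auto_authorize": setting.get("allow_register") == "enable",
        "registration_password_set": "register_passwd" in setting,
        "unreg_dev_opt": setting.get("unreg_dev_opt"),
    }


if __name__ == "__main__":
    for key, value in audit_auto_authorization(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
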

 

 

Related articles:

Configuring central management on FortiGate.

Troubleshooting Tip: How to troubleshoot connectivity issues between FortiGate and FortiManager.

Technical Note: Moving devices and VDOMs between FortiManager ADOMs.