Technical Tip: How to re-establish connection between FortiGate and FortiManager after uploading new license file on FortiManager

lingky88 · ‎10-16-2023

Description

This article describes how to re-establish the FortiGate-FortiManager connectivity post uploading a new license file on FortiManager

Scope

FortiManager.

Solution

When the FortiGate has been onboarded into FortiManager, the FortiManager’s Serial Number will be recognized and displayed on the FortiGate’s central-management CLI:

1. FMG SN on FortiGate.png

2. FMG SN.png

Verify the connection is Connected/UP on the FortiGate and FortiManager.

3. FGT.png

4. FMG.png

Each license file is linked to a unique FortiManager Serial Number. Hence, if a new license file is uploaded into FortiManager, the device’s Serial Number will change and will affect the connectivity between FortiManager and FortiGate.

5. FMG new SN.png

6. FGT Connection down.png

This is because the FortiManager’s Serial Number has been changed to FMG-VMXXXXXX2724 but the FortiGate is still recognizing the old Serial Number.

1. FMG SN on FortiGate.png

To rectify this, navigate to Device Manager -> 'Right-click' the FortiGate -> Edit -> Re-key the admin password -> OK -> 'Right-click' the FortiGate again -> Refresh Device. After that, verify that FortiManager is able to successfully update the device information and check on the FortiGate side if the new FortiManager Serial Number is being reflected.

7. Refresh update deviec successful.png

8. Device is now up.png

9. New SN on FGT.png

Alternatively, login to FortiGate and manually register the new Serial Number as follows:

FGT# execute central-mgmt register-device <FMG Serial Number> fortinet <----- Register the new Serial Number.
FGT# fnsysctl killall fgfmd <----- Restarts the FGFM tunnel.
FGT# diag fdsm central-mgmt status <----- Check the connection and registration status.