FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
cdemar
Staff
Staff
Article Id 201747
Description

This article describes how to register a FortiGate to a FortiManager from CLI .

Scope  
Solution

Start with configuring the below commands on the FortiGate:

 

# config system central-management
    # set type fortimanager
    # set fmg <FMG IP>
# end

 

The FortiGate will then be visible in the FortiManager Unregistered devices:

 

cdemar_0-1640184168445.png

 

cdemar_1-1640184168448.png

 

cdemar_2-1640184168450.png

 

It is now possible to authorize the unit on the FortiManager.

 

From version 6.0, by default, the FortiManager will use the default admin/<blank password> to contact the FortiGate.

Therefore, if the  FortiGate admin password is not blank, the FortiManager will be unable to authorize the device and authorization will fail.

 

There 2 possibilities to work-around this issue:

 

1) Forcing the addition of the FortiManager serial number in the unit central-management via a batch script on the FortiGate:

 

# execute batch start
# config system central-management
    # set type fortimanager
    # set fmg "<FMG IP>
    # set serial-number <FMG serial number>
#end
# execute batch end

 

2) Forcing the FortiGate to send an authorization request:

 

# exe central-mgmt register-device <-----FortiManager serial number <dummy password>.

 

Once one or the other work-around has been applied, it will be possible to authorize the FortiGate from the FortiManager GUI.

 

Note that it is possible to alternatively configure the FortiManager to accept automatically registration requests from the FortiGate.

 

On the FortiManager:

 

# config system admin setting
    # set allow_register enable
    # set register_passwd <password>

# end

 

On the FortiGate:

 

# config system central-management
    # set type fortimanager
    # set fmg <-----FortiManager IP.
# end

 

# exe central-mgmt register-device <-----FortiManager serial number, password on the FortiManager.

 

The FortiGate will then be automatically registered on the FortiManager. In case ADOM is enabled, it will be added to the root ADOM. 

 

Related article:

Technical Tip: Using 'exec migrate' to migrate to a new FortiAnalyzer/FortiManager model