Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
cdemar
Staff
Staff

Created on ‎12-22-2021 07:50 AM Edited on ‎11-23-2025 06:00 AM By Community Manager

Article Id 201747

Technical Tip: How to register a FortiGate to a FortiManager from the CLI

Description

This article describes how to register a FortiGate to FortiManager from the CLI.
Scope FortiGate, FortiManager.
Solution

Start by setting up the configuration on the FortiGate with the following commands:

 

config system central-management
    set type fortimanager
    set fmg <FortiManager IP>
end

 

The FortiGate will then be visible in the FortiManager in the Root ADOM under the Unauthorized Devices:

 

cdemar_0-1640184168445.png

 

cdemar_1-1640184168448.png

 

cdemar_2-1640184168450.png

 

It is now possible to authorize the unit on the FortiManager.

 

Starting from version 6.0, FortiManager will use the default admin/<blank password> to contact the FortiGate by default.

Therefore, if the FortiGate admin password is not blank, FortiManager will be unable to authorize the device, and authorization will fail.

 

Also, an error might be seen in the FortiGate CLI as below :


config system central-management
    set type fortimanager
    set serial-number "FMG-VMTMXXXXXXX"
    set fmg "ip/fqdn"
    set interface-select-method sdwan
end

 (central-management) $ end
Fortimanager Serial Number is not matching
object set operator error, -651, roll back the setting
Command fail. Return code -651

 

These 2 possibilities to work around this issue:

 

  1. Forcing the addition of the FortiManager serial number in the unit central-management via a batch script on the FortiGate:

 

execute batch start
config system central-management
    set type fortimanager
    set fmg "<FortiManager IP"

end
execute batch end

 

  1. For the latest FortiGate firmware versions 7.4.3 and 7.6.0 onwards, it is possible to assign the FortiManager serial number directly without access to batch config.

    

config system central-management

    set serial-number "FMG_SN"

end

 

  1. Forcing the FortiGate to send an authorization request:                                                                                     

    execute central-mgmt register-device        <- FortiManager serial number <dummy password>.

 

Once one of the workarounds has been applied, it will be possible to authorize the FortiGate from the FortiManager GUI.

 

Alternatively, it is possible to configure the FortiManager to automatically accept registration requests from the FortiGate.

 

On the FortiManager:

 

config system admin setting
    set allow_register enable
    set register_passwd <password>

end

 

On the FortiGate:

 

config system central-management
    set type fortimanager`
    set fmg <FMG_IP>        <- FortiManager IP.
end

 

execute central-mgmt register-device          <- FortiManager serial number, password on the FortiManager.

 

Note: If the FortiManager is connected to the FortiGate over the IPsec tunnel source IP address needs to be configured under FortiGate central-management.

 

config system central-management
    set fmg-source-ip <FGT_Interface_IP>
end

 

The FortiGate will then be automatically registered on the FortiManager. If ADOM is enabled, it will be added to the root ADOM. 

 

  1. Use this command to check the connection and registration status on the FortiGate:

     

diagnose fdsm central-mgmt status

 

Related articles:
45014
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.