Solution
- Perform fgfmd debugging in FortiGate CLI:
diagnose debug reset
diagnose debug application fgfmd 255
diagnose debug console time enable
diagnose debug enable
To disable debug:
diagnose debug disable
- While running the debug, re-add the FortiGate to FortiManager Cloud. See: Troubleshooting Tip: How to connect FortiGate to FortiManager Cloud
In this scenario, the fgfmd debug on the FortiGate shows the error 'fgfm_fqdn_connect fail':
FGT # 2024-10-30 13:22:42 FGFMs: fgfm_fqdn_connect,180:Connect to fortimanager.forticloud.com.
2024-10-30 13:22:42 FGFMs: fgfm_dns_query: try to bind (fortimanager.forticloud.com)
2024-10-30 13:22:42 FGFMs: __dns_on_resp: resolve fortimanager.forticloud.com to ipv4 address 1: 154.52.2.162
2024-10-30 13:22:42 FGFMs: Create session 0x10ad7b60.
2024-10-30 13:22:42 FGFMs: setting session 0x10ad7b60 exclusive=0
2024-10-30 13:22:42 FGFMs: Connect to 154.52.2.162:541, local 10.1.20.4:24472.
2024-10-30 13:22:42 FGFMs: set_fgfm_sni SNI<1558668.support.fortinet-ca2.fortinet.com>
2024-10-30 13:22:42 FGFMs: Load Cipher [DHE-RSA-AES256-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES128-SHA256:@STRENGTH]
2024-10-30 13:22:42 FGFMs: Load TLS 1.3 Cipher [TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256]
2024-10-30 13:22:42 FGFMs: before SSL initialization
2024-10-30 13:22:42 FGFMs: CA to broadcast: subject support, issuer support
2024-10-30 13:22:42 FGFMs: CA to broadcast: subject fortinet-ca2, issuer fortinet-ca2
2024-10-30 13:22:42 FGFMs: CA to broadcast: subject fortinet-subca2001, issuer fortinet-ca2
2024-10-30 13:22:42 FGFMs: CA to broadcast: subject fortinet-subca2003, issuer fortinet-ca2
2024-10-30 13:22:42 FGFMs: Broadcast 4 CA subject names to FMG
2024-10-30 13:22:42 FGFMs: SSLv3/TLS write client hello
2024-10-30 13:22:42 FGFMs: Entering __cmdb_event_centmgmt_handler 1431.
2024-10-30 13:22:42 FGFMs: Entering fgfm_clt_restart 403.
2024-10-30 13:22:42 FGFMs: __session_cb,113: fgfm_fqdn_connect fail.
2024-10-30 13:22:43 FGFMs: Cleanup session 0x10ad7b60, 154.52.2.162.
2024-10-30 13:22:43 FGFMs: Destroy session 0x10ad7b60, 154.52.2.162.
2024-10-30 13:22:43 FGFMs: fgfm_fqdn_connect,180:Connect to fortimanager.forticloud.com.
2024-10-30 13:22:43 FGFMs: fgfm_dns_query: try to bind (fortimanager.forticloud.com)
2024-10-30 13:22:43 FGFMs: __dns_on_resp: resolve fortimanager.forticloud.com to ipv4 address 1: 154.52.2.162
2024-10-30 13:22:43 FGFMs: Create session 0x10ad7fb0.
2024-10-30 13:22:43 FGFMs: setting session 0x10ad7fb0 exclusive=0
2024-10-30 13:22:43 FGFMs: Connect to 154.52.2.162:541, local 10.1.20.4:24478.
- On the FortiManager CLI, enable the following configuration:
config system global
    set fgfm-peercert-withoutsn enable    <----- Removed in v7.2.10/v7.4.6/v7.6.1 onward.
end
- While adding the FortiGate from FortiManager, run the following command in the FortiGate CLI:
execute central-mgmt register-device <FMG S/N> <fmg-register-password>
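To review a longer fgfmd debug capture like the one above, the following added example (not part of the original article and not Fortinet code) groups the entries into one record per session and marks the attempts that end in 'fgfm_fqdn_connect fail'. The function name parse_fgfmd and the record fields are assumptions; the sample lines are a shortened copy of the output shown above.

```python
import re

# Constructed sample: a shortened copy of the fgfmd debug lines shown above.
SAMPLE = """\
2024-10-30 13:22:42 FGFMs: fgfm_fqdn_connect,180:Connect to fortimanager.forticloud.com.
2024-10-30 13:22:42 FGFMs: __dns_on_resp: resolve fortimanager.forticloud.com to ipv4 address 1: 154.52.2.162
2024-10-30 13:22:42 FGFMs: Create session 0x10ad7b60.
2024-10-30 13:22:42 FGFMs: Connect to 154.52.2.162:541, local 10.1.20.4:24472.
2024-10-30 13:22:42 FGFMs: set_fgfm_sni SNI<1558668.support.fortinet-ca2.fortinet.com>
2024-10-30 13:22:42 FGFMs: SSLv3/TLS write client hello
2024-10-30 13:22:42 FGFMs: __session_cb,113: fgfm_fqdn_connect fail.
2024-10-30 13:22:43 FGFMs: Destroy session 0x10ad7b60, 154.52.2.162.
2024-10-30 13:22:43 FGFMs: Create session 0x10ad7fb0.
2024-10-30 13:22:43 FGFMs: Connect to 154.52.2.162:541, local 10.1.20.4:24478.
"""

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
ENTRY = re.compile(rf"({STAMP}) FGFMs: (.*)", re.S)

def parse_fgfmd(text):
    """Return one record per 'Create session' entry (hypothetical helper)."""
    attempts, cur = [], None
    # Split before each timestamp so wrapped or run-together console
    # output (several entries on one line) parses the same way.
    for chunk in re.split(rf"(?={STAMP} FGFMs: )", text):
        m = ENTRY.match(chunk.strip())
        if not m:
            continue  # prompt text such as "FGT # " or an empty chunk
        ts, msg = m.group(1), " ".join(m.group(2).split())
        if (s := re.match(r"Create session (0x[0-9a-f]+)", msg)):
            cur = {"session": s.group(1), "start": ts, "peer": None,
                   "sni": None, "client_hello": False, "result": "incomplete"}
            attempts.append(cur)
        elif cur is None:
            continue  # entries logged before the first session exists
        elif (p := re.match(r"Connect to (\d+\.\d+\.\d+\.\d+):(\d+), local", msg)):
            cur["peer"] = (p.group(1), int(p.group(2)))
        elif (n := re.match(r"set_fgfm_sni SNI<([^>]*)>", msg)):
            cur["sni"] = n.group(1)
        elif "write client hello" in msg:
            cur["client_hello"] = True
        elif "fgfm_fqdn_connect fail" in msg:
            cur["result"] = "fgfm_fqdn_connect fail"
    return attempts

if __name__ == "__main__":
    for a in parse_fgfmd(SAMPLE):
        print(a["start"], a["session"], a["peer"], a["sni"], a["result"])
```

A record whose result stays "incomplete" means the capture ended before that session reported an outcome, as with the second session in the output above.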
Related articles:
Troubleshooting Tip: How to troubleshoot connectivity issues between FortiGate and FortiManager
Troubleshooting Tip: How to connect FortiGate to FortiManager Cloud and troubleshoot connectivity is...