spathak
Staff
Article Id 374362
Description
This article describes a case in which a changed (clamped) TCP MSS value causes a connectivity issue between FortiGate and FortiManager/FortiAnalyzer, and how to fix it.

Scope
FortiGate, FortiManager, FortiAnalyzer.

Solution

While configuring FortiManager under Central Management, FortiGate encounters the error 'Verify FortiManager Serial Number'.

[Screenshot: 'Verify FortiManager Serial Number' error on FortiGate]

To troubleshoot this error, first confirm that TCP port 541 (the FGFM management port) is allowed end to end across the network. This can be verified with a telnet connection to port 541.

On FortiGate, confirm reachability to FortiManager over port 541 with the following command:

execute telnet <FMG_IP> 541

If FortiGate can reach FortiManager over port 541, the next step is to capture the traffic on port 541 with the built-in sniffer on both devices.

Open two PuTTY sessions, one to FortiGate and one to FortiManager, and run the sniffers simultaneously.
On FortiGate:

dia sniffer packet any "host <FortiManager_IP> and port 541" 3 0

On FortiManager:

dia sniffer packet any "host <FortiGate_IP> and port 541" 6 0

To generate traffic from FortiGate to FortiManager, go to Security Fabric -> Fabric Connectors -> Central Management (FortiManager) on FortiGate and select OK.

Analyze the TCP three-way handshake and look at the MSS option in the SYN and SYN-ACK packets. The MSS value leaving FortiGate must be the same when it arrives at FortiManager, and vice versa; that is, the MSS must not be clamped anywhere in the path.

If the MSS value changes between the two capture points (the MSS is clamped in the path), the result can be multiple retransmissions, and the connection is eventually dropped.
During FortiGate-FortiManager debugging, the following error may be observed: 'Connection was interrupted. sockevents[-1] sslerr[1]'.

[Screenshot: sniffer output showing the MSS values on both sides]

In this scenario, set the tcp-mss value to 1300 on the FortiGate interface that communicates with FortiManager.

On FortiGate:

config system interface
    edit <interface name>
        set tcp-mss 1300
    next
end

Then re-configure FortiManager under Central Management:
Security Fabric -> Fabric Connectors -> Central Management (FortiManager) -> Select OK.

Related articles:
Troubleshooting Tip: How to troubleshoot connectivity issues between FortiGate and FortiManager
Technical Tip: Behavior of TCP-MSS setting under system interface
Technical Tip: Setup custom certificate for FGFM protocol