Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
mvlasak
Staff
Staff

Created on ‎08-29-2024 08:48 AM Edited on ‎12-25-2024 11:07 PM By Community Manager

Article Id 337527

Troubleshooting Tip: How to troubleshoot connectivity to FortiManager Cloud

Description This article describes how to troubleshoot connectivity to FortiManager Cloud.
Scope Any FortiGate supporting FortiManager Cloud and FortiManager Cloud.
Solution

On FortiGate:

  1. Go to 'Security Fabric - Settings - Central Management - FortiManager Cloud' and check whether the option for FortiManager Cloud is greyed out or not.

  2. Run the following commands and attach the output to the ticket:

get sys status

get sys global

get system central-management

fnsysctl ls -l /etc/cert/local/

fnsysctl ls -l /etc/cert/ca

diagnose fgfm session-list

diagnose fdsm central-mgmt-status

execute telnet <FMG-IP> 541

 

  1. If the source IP is not configured under 'config system central-management', add it:

config system central-management

    set fmg-source-ip <FGT-IP>

end

 

  1. On FortiGate, register the FortiManager device Serial Number:

execute central-mgmt register-device {fmg-serial-no} {fmg-register-password}

 

Replace {fmg-register-password} with the registration password.

 

  1. Re-initiate the connection from the FortiGate CLI by restarting the 'FGFM' daemon.

fnsysctl killall fgfmd

 

On FortiManager:

 

  1. Reclaim the tunnel from the CLI using the following syntax:

execute fgfm reclaim-dev-tunnel <device_name>

 

(Use 'diagnose dvm device list' to get the device ID).

 

  1. Delete the device from FortiManager and add it again (if needed).
  2. Run FortiGate-FortiManager (FGFM) connection debugs on both sides and provides the output to the ticket:

On FortiGate session #1:

diagnose debug reset

diagnose debug application fgfm 255

diagnose debug console time enable

diagnose debug enable

On FortiGate session #2:

 

diagnose sniffer packet any 'port 541' 6 0 a

 

On FortiManager:

 

diagnose debug reset

diagnose debug application fgfm 255 <IP address or Serial Number of the FGT>

diagnose debug time enable

diagnose debug enable

execute fgfm reclaim-dev-tunnel <device_name>

 

Run these debugs for 2-3 minutes and then disable them:

 

diagnose debug disable

diagnose debug reset

 

Related articles:

Technical Tip: How to create a log file of a session using PuTTY

Troubleshooting Tip: How to connect FortiGate to FortiManager Cloud and troubleshoot connectivity is...

Technical Tip: FortiManager Cloud option not available in FortiGate central management

Troubleshooting Tip: How to troubleshoot connectivity issues between FortiGate and FortiManager
1143
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.