mvlasak
Staff
Article Id 337527
Description This article describes how to troubleshoot connectivity to FortiManager Cloud.
Scope Any FortiGate supporting FortiManager Cloud, and FortiManager Cloud itself.
Solution

On FortiGate:

  1. Go to 'Security Fabric - Settings - Central Management - FortiManager Cloud' and check whether the FortiManager Cloud option is greyed out.

  2. Run the following commands and attach the output to the ticket:

get sys status

get sys global

get system central-management

fnsysctl ls -l /etc/cert/local/

fnsysctl ls -l /etc/cert/ca

diagnose fgfm session-list

diagnose fdsm central-mgmt-status

execute telnet <FMG-IP> 541

 

  3. If the source IP is not configured under 'config system central-management', add it:

config system central-management

    set fmg-source-ip <FGT-IP>

end

 

  4. On FortiGate, register the FortiManager device Serial Number:

execute central-mgmt register-device {fmg-serial-no} {fmg-register-password}

 

Replace {fmg-register-password} with the registration password.

 

  5. Re-initiate the connection from the FortiGate CLI by restarting the 'FGFM' daemon:

fnsysctl killall fgfmd
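As an added example (not part of the Fortinet article), the following script parses a captured 'get system central-management' output from step 2 and flags the conditions the FortiGate steps above look for, including the missing fmg-source-ip case from step 3; the sample output is constructed and real FortiOS output may differ slightly in field names or order.

```python
# Added example: check a captured 'get system central-management' output.
# SAMPLE_OUTPUT is constructed for illustration, not taken from a real device.
SAMPLE_OUTPUT = """\
mode                : normal
type                : fortimanager
schedule-config-restore: enable
allow-push-configuration: enable
serial-number       : 
fmg                 : "10.0.0.5"
fmg-source-ip       : 0.0.0.0
fmg-source-ip6      : ::
"""

# Values FortiOS shows when no source IP has been set.
UNSET_SOURCE = {"", "0.0.0.0"}


def parse_central_management(text):
    """Turn the 'key : value' lines of the command output into a dict (quotes stripped)."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only (IPv6 '::' stays intact)
        if sep and key.strip():
            settings[key.strip()] = value.strip().strip('"')
    return settings


def check_central_management(text):
    """Return a list of findings; an empty list means nothing obvious is wrong."""
    s = parse_central_management(text)
    findings = []
    if s.get("type") != "fortimanager":
        findings.append(f"central management type is {s.get('type')!r}, not 'fortimanager'")
    if not s.get("fmg"):
        findings.append("no FortiManager address (fmg) configured")
    if s.get("fmg-source-ip", "") in UNSET_SOURCE:
        findings.append("fmg-source-ip is not set; the FGFM tunnel may be sourced from the wrong interface")
    return findings


def source_ip_fix(fgt_ip):
    """Render the CLI block from step 3 with the chosen FortiGate source IP filled in."""
    return "\n".join(["config system central-management",
                      f"    set fmg-source-ip {fgt_ip}",
                      "end"])


if __name__ == "__main__":
    for finding in check_central_management(SAMPLE_OUTPUT):
        print("-", finding)
    print(source_ip_fix("192.0.2.10"))  # 192.0.2.10 is a documentation address, not a real FGT-IP
```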

 

On FortiManager:

 

  1. Reclaim the tunnel from the CLI using the following syntax:

execute fgfm reclaim-dev-tunnel <device_name>

 

(Use 'diagnose dvm device list' to get the device ID).

 

  2. Delete the device from FortiManager and add it again (if needed).

  3. Run FortiGate-FortiManager (FGFM) connection debugs on both sides and provide the output to the ticket:

On FortiGate session #1:

diagnose debug reset

diagnose debug application fgfm 255

diagnose debug console time enable

diagnose debug enable

On FortiGate session #2:

 

diagnose sniffer packet any 'port 541' 6 0 a

 

On FortiManager:

 

diagnose debug reset

diagnose debug application fgfm 255 <IP address or Serial Number of the FGT>

diagnose debug time enable

diagnose debug enable

execute fgfm reclaim-dev-tunnel <device_name>

 

Run these debugs for 2-3 minutes and then disable them:

 

diagnose debug disable

diagnose debug reset

 

Related article:

Technical Tip: How to create a log file of a session using PuTTY