|
Sometimes, active FortiGates may not be associated with Security Fabric as expected. This can result in limited management and security capabilities. Troubleshooting is necessary to ensure proper integration.
Follow these steps to troubleshoot and resolve issues when active FortiGates are not associated with Security Fabric properly in FortiManager:
- Verify FortiGate Connectivity: Ensure that the FortiGates in question are reachable and have connectivity to the FortiManager. Check network connectivity, including firewalls and routing configurations.
- Check Security Fabric Configuration: In FortiManager, navigate to the 'Security Fabric' section and review the Security Fabric settings. Ensure that the Security Fabric is properly configured and enabled.
- Verify Device Registration: Check whether the FortiGates have been registered with FortiManager. In the Device Manager, review the list of managed devices to ensure that the FortiGates are listed and active.
- Check Device Status: Within the Device Manager, check the status of each FortiGate. Ensure that the devices are marked as 'Up' and operational. If any devices are marked as 'Down' or 'Disconnected', investigate and resolve the underlying issues.
- Review Device Groups: FortiManager allows to organize FortiGates into device groups. Ensure that the FortiGates are assigned to the correct device groups. Misconfiguration in device groups can lead to association issues.
- Validate Security Fabric Policies: Review the Security Fabric policies in FortiManager. Ensure that the policies are correctly defined and that the FortiGate devices are included in the appropriate Security Fabric policies.
- Check FortiGate Configuration: On the FortiGates themselves, verify that the Security Fabric settings are correctly configured. Ensure that the FortiGate devices are set up to communicate with FortiManager and participate in the Security Fabric.
- Check Logs and Alerts: Review FortiManager logs and alerts for any warnings or errors related to Security Fabric integration. Logs can provide valuable information about the root cause of association issues.
- Run following commands on FortiManager and FortiGate to gather more information related to the issue:
Execute the following commands on FortiManager, via CLI:
get sys status
get sys performance
diag sys print uptime
diag fgfm session-list
diag dvm adom list
diag dvm device list
diagnosis dvm csf root all
diagnosis dvm csf <ADOM_name> all
diag deb crashlog read
On FortiGate, run the below commands:
get sys central-management
diagnosis sys csf upstream
diagnosis test application csfd 1
exe tac report
- Restart Services: In some cases, restarting FortiManager services related to Security Fabric integration can resolve association issues. Consult FortiManager documentation for specific service restart procedures.
If the issue persists and is not resolved using the above steps, consider contacting Fortinet TAC Support for further assistance. Provide them with detailed information about the issue, device configurations, and any relevant logs.
Related Article:
|
