FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jasonhong
Staff
Article Id 376874
Description

This article describes how to troubleshoot a failure to add a VM (FortiGate-VM, FortiCarrier-VM, FortiProxy-VM, or FortiFirewall-VM) to FortiManager.

Scope

FortiManager v7.2.10.
Solution
  • Starting from FortiManager v7.2.10, the connection between VM platforms and FortiManager is restricted for security reasons. By default, FortiManager does not allow VM platform connections over FGFM.

 

This applies to the following products:

  • FortiGate-VM.
  • FortiCarrier-VM.
  • FortiProxy-VM.
  • FortiFirewall-VM.

 

  1. The sample scenario below shows a user attempting to add a FortiGate-VM to FortiManager (v7.2.10) and being prompted with a pop-up stating that the FortiGate-VM could not connect to FortiManager.

 

fgtdisable.png

 

In the FortiManager FGFM debug output, FortiManager rejects the FGFM connection from the FortiGate-VM device, and the response "Unsupported device model" (code -20026) can be seen.

 

Request [/bin/fgfmsd:3207:1]:

{ "client": "\/bin\/fgfmsd:3207", "id": 1, "method": "exec", "params": [{ "data": { "create_unreg": 1, "device": { "beta": -1, "branch_pt": 1706, "build": 1706, "conn_mode": 0, "dev_status": 0, "faz.perm": 15, "flags": 1, "hostname": "FortiGate-VM", "ip": "10.47.XXX.XXX", "maxvdom": 10, "mgmt_mode": 1, "mgmt_uuid": "00000000-0000-0000-0000-000000000000", "mr": 2, "name": "Tiara-kvm05", "os_type": 0, "os_ver": -1, "patch": 10, "platform_id": -1, "platform_str": "FortiGate-VM64-KVM", "sn": "FGVM01TMXXXXXX", "source": 1, "tab_status": "<unknown>", "version": 700}, "from": 1}, "url": "dvm\/cmd\/manage\/device"}], "session": -1}

Response [unknown]:

{ "id": 1, "result": [{ "status": { "code": -20026, "message": "Unsupported device model"}, "url": "dvm\/cmd\/manage\/device"}]}

 

  2. To allow VM platform connections over FGFM, enter the following commands in the FortiManager CLI:

 

FMG# config system global

FMG# set fgfm-allow-vm enable

FMG# end

 

  3. Subsequently, FortiManager will allow the FGFM connection from the respective VM device, and the VM device will appear under the Unauthorized List in FortiManager Device Manager. Users can then authorize the VM device to be fully managed by FortiManager.

 

fgtenabled.png

 

unathdev.png
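
To confirm from saved FGFM debug output that a failed add is caused by this restriction rather than by another connectivity problem, the Request/Response pairs can be correlated by "id". The following is an added example, not Fortinet code: the function names, the trimmed sample data (including the second, non-VM device) and the "-VM" substring check on platform_str are assumptions made for illustration.

```python
import json
import re

# Constructed sample modeled on the debug output in this article (fields trimmed).
SAMPLE_DEBUG = r'''
Request [/bin/fgfmsd:3207:1]:
{ "client": "\/bin\/fgfmsd:3207", "id": 1, "method": "exec", "params": [{ "data": { "device": { "hostname": "FortiGate-VM", "platform_str": "FortiGate-VM64-KVM", "sn": "FGVM01TMXXXXXX"}}, "url": "dvm\/cmd\/manage\/device"}], "session": -1}
Response [unknown]:
{ "id": 1, "result": [{ "status": { "code": -20026, "message": "Unsupported device model"}, "url": "dvm\/cmd\/manage\/device"}]}
Request [/bin/fgfmsd:3207:2]:
{ "client": "\/bin\/fgfmsd:3207", "id": 2, "method": "exec", "params": [{ "data": { "device": { "hostname": "branch-fw", "platform_str": "FortiGate-100F", "sn": "FG100FXXXXXXXXXX"}}, "url": "dvm\/cmd\/manage\/device"}], "session": -1}
Response [unknown]:
{ "id": 2, "result": [{ "status": { "code": 0, "message": "OK"}, "url": "dvm\/cmd\/manage\/device"}]}
'''

HEADER = re.compile(r"^(Request|Response) \[[^\]]*\]:\s*$")
UNSUPPORTED_MODEL = -20026  # status code shown in the article's rejected response

def parse_messages(text):
    """Yield (kind, decoded_json) for each Request/Response block in the debug text."""
    kind = None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            kind = m.group(1)
        elif kind and line.startswith("{"):
            try:
                yield kind, json.loads(line)
            except json.JSONDecodeError:
                pass  # truncated or wrapped debug line: skip it
            kind = None

def find_vm_rejections(text):
    """Return devices whose add request was answered with code -20026."""
    pending, hits = {}, []
    for kind, msg in parse_messages(text):
        if kind == "Request":
            for p in msg.get("params", []):
                if p.get("url") == "dvm/cmd/manage/device":
                    pending[msg.get("id")] = p.get("data", {}).get("device", {})
            continue
        dev = pending.pop(msg.get("id"), None)
        for r in msg.get("result", []):
            status = r.get("status", {})
            if dev is not None and status.get("code") == UNSUPPORTED_MODEL:
                platform = dev.get("platform_str", "")
                hits.append({"sn": dev.get("sn"), "platform": platform,
                             "is_vm": "-VM" in platform, "message": status.get("message")})
    return hits
```

Calling find_vm_rejections() on the saved debug text lists each rejected serial number and platform, which shows exactly which devices the fgfm-allow-vm setting would admit before it is enabled.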

 

Related article:

Troubleshooting Tip: How to troubleshoot connectivity issues between FortiGate and FortiManager