Arif69
Staff
Article Id 421703
Description This article describes why FortiManager is unable to add a FortiGate even when fgfm-deny-unknown is disabled.
Scope FortiManager.
Solution

FortiManager fails to add the FortiGate, and the fgfm debug shows the following:

 

diagnose debug application fgfmsd 255

diagnose debug enable

...

...

FGFMs(probing...): __get_handler:1057: sn matched
FGFMs(probing...): __get_handler: serialno in peer cert is <FGVM4VTMXXXXXXXX>
FGFMs(probing...): fgfm_get_inst_info,105: serial=, devid=0, revision=0, timestamp=0.
Request [/bin/fgfmsd:1414:1750]:
{ "client": "\/bin\/fgfmsd:1414", "id": 1750, "method": "exec", "params": [{ "data": { "create_unreg": 1, "device": { "beta": -1, "branch_pt": 1740, "build": 1740, "conn_mode": 0, "dev_status": 0, "faz.perm": 15, "flags": 1, "hostname": "vm-A", "ip": "20.211.88.167", "maxvdom": 2, "mgmt_mode": 1, "mgmt_uuid": "00000000-0000-0000-0000-000000000000", "mr": 2, "name": "vm-A", "os_type": 0, "os_ver": -1, "patch": 11, "platform_id": -1, "platform_str": "FortiGate-VM64-AZURE", "sn": "FGVM4VTMXXXXXXXX", "source": 1, "tab_status": "<unknown>", "version": 700}, "from": 1}, "url": "dvm\/cmd\/manage\/device"}], "session": -1}
Response [unknown]:
{ "id": 1750, "result": [{ "status": { "code": -20012, "message": "Unregistered device ignored"}, "url": "dvm\/cmd\/manage\/device"}]}
FGFMs(probing...): Cleanup session 0x55d3cdcc3e60, 20.211.88.167.
FGFMs(probing...): Destroy session 0x55d3cdcc3e60, 20.211.88.167.
FGFMs(FG6H0ETBXXXXXXXX-20038-10.248.200.78): server:
get file_exchange
localid=2802
chan_window_sz=32768
deflate=gzip
file_exch_cmd=put_json_cmd

 

The 'Unregistered device ignored' error is usually caused by fgfm-deny-unknown being enabled in FortiManager:

 

show system global

set fgfm-deny-unknown enable

end

 

However, in certain cases, fgfm-deny-unknown is already disabled, but FortiManager still returns 'Unregistered device ignored'.

 

Further checking shows the following setting in FortiManager:

 

show system admin setting

set unreg_dev_opt ignore

end

 

The setting unreg_dev_opt ignore overrides fgfm-deny-unknown disable. Hence, FortiManager is not able to add the FortiGate.

 

After changing the setting as follows, FortiManager can add the FortiGate:

 

config system admin setting

set unreg_dev_opt add_allow_service

end
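
The check described above can be scripted. The following is an added example, not Fortinet code: it reads saved fgfmsd debug output, lists the devices refused with code -20012, and reports which of the two settings shown in this article would cause the refusal. The function names and sample values are constructed, and it assumes each JSON message sits on a single line and that the saved configuration text contains the `set` lines as shown above.

```python
import json
import re

# Constructed samples, modelled on the debug output and settings in this article.
SAMPLE_DEBUG = r'''Request [/bin/fgfmsd:1414:1750]:
{ "client": "\/bin\/fgfmsd:1414", "id": 1750, "method": "exec", "params": [{ "data": { "create_unreg": 1, "device": { "hostname": "vm-A", "ip": "192.0.2.10", "sn": "FGVM4VTMXXXXXXXX"}, "from": 1}, "url": "dvm\/cmd\/manage\/device"}], "session": -1}
Response [unknown]:
{ "id": 1750, "result": [{ "status": { "code": -20012, "message": "Unregistered device ignored"}, "url": "dvm\/cmd\/manage\/device"}]}
'''
SAMPLE_CONFIG = '''config system global
    set fgfm-deny-unknown disable
end
config system admin setting
    set unreg_dev_opt ignore
end
'''

def ignored_devices(debug_text):
    """Pair requests and responses by id; return (sn, hostname, ip) refused with -20012."""
    requests, ignored = {}, []
    for line in debug_text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue  # plain debug line, not a JSON message
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue  # wrapped or truncated JSON; rejoin the capture first
        if msg.get("params"):
            requests[msg["id"]] = msg["params"][0].get("data", {}).get("device", {})
        for res in msg.get("result", []):
            if res.get("status", {}).get("code") == -20012:
                dev = requests.get(msg["id"], {})
                ignored.append((dev.get("sn"), dev.get("hostname"), dev.get("ip")))
    return ignored

def blocking_settings(config_text):
    """Return the settings from this article that make FortiManager ignore the device."""
    pairs = re.findall(r"^[ \t]*set[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", config_text, re.M)
    settings = dict(pairs)
    blockers = []
    if settings.get("fgfm-deny-unknown") == "enable":
        blockers.append("fgfm-deny-unknown enable")
    if settings.get("unreg_dev_opt") == "ignore":
        blockers.append("unreg_dev_opt ignore")
    return blockers

if __name__ == "__main__":
    print(ignored_devices(SAMPLE_DEBUG), blocking_settings(SAMPLE_CONFIG))
```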
