FortiSwitch
tkanneganti
Staff
Article Id 227170
Description: This article describes how to fix an issue where FortiSwitch shows as offline in a FortiLAN Cloud account despite being active.
Scope: FortiSwitch 22.x.
Solution

To manage FortiSwitch with a FortiLAN cloud configuration, please refer to page 12 of the FortiSwitch OS Administration Guide.

 

The FortiSwitch should be registered and have ports 5246, 5247, and 443 open in the network. Sometimes, even when the FortiSwitch is registered under FortiCare and has these ports open, it still shows as offline on the FortiLAN Cloud portal.

One possible cause is an SSL setup failure due to an incorrect time on the FortiSwitch. Ensure the time is correct on the FortiSwitch so that the certificate exchange between FortiLAN Cloud and the FortiSwitch can complete.

 

An SSL setup failure can be identified by using the following commands on the FortiSwitch:

 

# diagnose debug application flan-mgr -1
# diagnose debug console timestamp enable
# diagnose debug enable

 

To stop the log, use the following commands:

 

# diagnose debug disable
# diagnose debug application flan-mgr 0

 

If an SSL setup failure occurred, the logs will display information similar to the following:


1970-01-23 11:54:29 load_and_verify_certificate:514: Exiting ...
1970-01-23 11:54:29 create_ssl_conn_obj_for_access_server:669: [SID: -1] SSL_Connect(fd:9) error code=1, unspecified certificate verification error
1970-01-23 11:54:29 create_ssl_conn_obj_for_access_server:692: Exiting ..rcode=0
1970-01-23 11:54:29 flan_mgr_setup_ssl_conn:728: [SID: -1] SSL object creation failed
1970-01-23 11:54:29 flan_mgr_setup_ssl_conn:771: Exiting ...(rcode=0)
1970-01-23 11:54:29 __switch_state_join_enter:160: SSL setup unsuccessful (event=EV_JOIN_START).
1970-01-23 11:54:29 flan_mgr_fsm_state_transition:355: Entering ...state=FLAN_MGR_STATE_JOIN, event=EV_JOIN_FAILED

 

In this log, the SSL setup fails because the time on the FortiSwitch is incorrect (the timestamps read 1970-01-23), which prevents validation of the certificate. Correct the time configuration on the FortiSwitch to allow it to show as online on FortiLAN Cloud.

See page 47 of the FortiSwitch OS Administration Guide for instructions on how to correct the time configuration.
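
The check described above can be scripted over a saved copy of the debug output. The following is an added example, not Fortinet code: it looks for the failure messages shown in the sample log and compares the log timestamps against a trusted reference time. The function name `triage`, the verdict strings, the one-day tolerance (chosen to absorb timezone differences) and the reference time are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Line shape of the debug output: "<date> <time> <function>:<line>: <message>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+):(\d+): (.*)$")

# Message fragments that mark the failure chain in the article's sample log.
MARKERS = {
    "cert_verify_error": "certificate verification error",
    "ssl_object_failed": "SSL object creation failed",
    "ssl_setup_unsuccessful": "SSL setup unsuccessful",
    "join_failed": "event=EV_JOIN_FAILED",
}

# Four lines copied from the sample log in this article.
SAMPLE = """\
1970-01-23 11:54:29 create_ssl_conn_obj_for_access_server:669: [SID: -1] SSL_Connect(fd:9) error code=1, unspecified certificate verification error
1970-01-23 11:54:29 flan_mgr_setup_ssl_conn:728: [SID: -1] SSL object creation failed
1970-01-23 11:54:29 __switch_state_join_enter:160: SSL setup unsuccessful (event=EV_JOIN_START).
1970-01-23 11:54:29 flan_mgr_fsm_state_transition:355: Entering ...state=FLAN_MGR_STATE_JOIN, event=EV_JOIN_FAILED
"""

# Constructed value standing in for a trusted clock (for example, an NTP-synced host).
REFERENCE = datetime(2022, 10, 20, 12, 0, 0)


def triage(log_text, reference_time, max_skew=timedelta(days=1)):
    """Report which failure markers appear and how far the switch clock is off."""
    seen, worst = set(), timedelta(0)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip prompts, blank lines and wrapped output
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        worst = max(worst, abs(reference_time - stamp))
        seen.update(k for k, needle in MARKERS.items() if needle in m.group(4))
    ssl_failed = bool(seen & {"cert_verify_error", "ssl_setup_unsuccessful"})
    clock_off = worst > max_skew
    if ssl_failed:
        verdict = "ssl-failure-clock-skew" if clock_off else "ssl-failure-other-cause"
    else:
        verdict = "clock-skew-only" if clock_off else "no-ssl-failure-seen"
    return {"verdict": verdict, "markers": sorted(seen), "max_skew": worst}


if __name__ == "__main__":
    print(triage(SAMPLE, REFERENCE))
```

A verdict of `ssl-failure-other-cause` means the certificate error is present but the timestamps are within tolerance, so the clock is not the explanation and the other prerequisites (registration, open ports) should be rechecked.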