microivans
New Contributor

Unable to add a model device by serial number (But Success when using Discover and PSK)

Hi guys,

 

I am testing adding new FGTs on FMG. Here are the models I am using:

 

FMG-VM64-KVM6.2.5 and FortiOS-VM64-KVM 6.2.3. Both are Free Trial.

 

I have tried to use the Discover Wizard and PSK to add FGTs, and they work fine. But when I use the SN number, it fails.

 

Debug information shown on FMG:

 

Request:
{ "client": "dmserver:548", "id": 384, "method": "exec", "params": [{ "data": { "device": 134, "force": 0}, "target start": 3, "url": "start\/tunnel"}], "root": "fgfm"}
FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:send:
put auth
user=admin
passwd=******

FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:
reply 501
request=auth

Response:
{ "id": 384, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
Response:
{ "id": 384, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}

 

 

Has anyone encountered the same issue before? I am guessing the admin password on FMG mismatches with that on FGT. But I have already tried several times to modify the password. Still the same result.

Here are some of my reference links:

https://docs.fortinet.com/document/fortimanager/6.2.0/administration-guide/615344/adding-a-model-dev...

https://kb.fortinet.com/kb/documentLink.do?externalID=FD48001

https://forum.fortinet.com/m/tm.aspx?m=177241&p=2

 

My current configuration:

 

FMG:

 

FMG-VM64-KVM # show system global
config system global
    set adom-status enable
    set enc-algorithm low
    set fgfm-ssl-protocol tlsv1.0
    set usg enable
end

 

FGT:

 

TEST # show system central-management
config system central-management
    set type fortimanager
    set fmg "192.168.236.99"
    set fmg-source-ip 192.168.236.100
    set enc-algorithm default
end

neonbit
Valued Contributor

I have a feeling that the FMG won't let you add the FGT VM trial SN to the device. By trial I'm assuming you're talking about a brand new VM with no license loaded?

 

I'd recommend you request a 60-day trial license for the FGT, it will provide it with a real SN which should work.

microivans

neonbit wrote:

I have a feeling that the FMG won't let you add the FGT VM trial SN to the device. By trial I'm assuming you're talking about a brand new VM with no license loaded?

 

I'd recommend you request a 60-day trial license for the FGT, it will provide it with a real SN which should work.

Thanks neonbit for the advice. Yes, I haven't loaded any licence to the FGT. Let me try it and update here.

microivans

Just found the answer.

 

By default, FMG will use the username admin and an empty password to build up the FGFM tunnel. But if you log in to the FGT to add basic config, you are forced to change the default (empty) password. Two methods to solve the issue:

 

1. Use USB to load basic config.

2. Create another super user on FGT and delete the password of user 'admin'.
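
Added example, not part of the original posts and not Fortinet code: a small Python triage helper that correlates the FGFM auth exchange in the debug output above (user sent, reply to request=auth) with the JSON status FMG reports. The sample is copied from the first post with one field per line; the function names and the serial-deviceid-IP reading of the FGFMs(...) tag are assumptions made for this example.

```python
import json
import re

# Sample copied from the debug output quoted in the first post (one field per line).
SAMPLE = r'''Request:
{ "client": "dmserver:548", "id": 384, "method": "exec", "params": [{ "data": { "device": 134, "force": 0}, "target start": 3, "url": "start\/tunnel"}], "root": "fgfm"}
FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:send:
put auth
user=admin
passwd=******
FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:
reply 501
request=auth
Response:
{ "id": 384, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
'''

def summarize(text):
    """Correlate the FGFM auth exchange with the JSON status FMG reports."""
    info = {"serial": None, "ip": None, "user": None, "auth_reply": None, "statuses": []}
    # Assumption: the tag is serial-deviceid-ip, as the sample suggests.
    peer = re.search(r"FGFMs\(([^-)]+)-\d+-([\d.]+)\)", text)
    if peer:
        info["serial"], info["ip"] = peer.groups()
    user = re.search(r"put auth\s+user=(\S+)", text)
    if user:
        info["user"] = user.group(1)
    reply = re.search(r"reply\s+(\d+)\s+request=auth", text)
    if reply:
        info["auth_reply"] = int(reply.group(1))
    decoder = json.JSONDecoder()
    for m in re.finditer(r"Response:\s*", text):
        try:
            body, _ = decoder.raw_decode(text, m.end())
        except ValueError:
            continue  # truncated or non-JSON response; skip it
        for result in body.get("result", []):
            status = result.get("status", {})
            entry = (result.get("url"), status.get("code"), status.get("message"))
            if entry not in info["statuses"]:  # the log may repeat a response
                info["statuses"].append(entry)
    return info

def auth_rejected(info):
    """True when the device answered the auth request and FMG reported 'no permission'."""
    return info["auth_reply"] is not None and any(
        msg == "no permission" for _, _, msg in info["statuses"])
```

When auth_rejected() is true for a model device, compare the user shown in the summary with the accounts on the FGT, which is the mismatch the last post identifies.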
