Fortinet Forum
Toshi_Esumi
Esteemed Contributor II

way to recover FMG connection

One of our FGTs managed by FMG somehow lost connection to the FMG. It has two internet connections, wan1 and wan2. But probably when wan1 went down the FMG changed connection to wan2, then wan2 went down. Currently wan1 is up and operational, but somehow the central-management config has lost the original config and had:

 

  config system central-management
    set type fortanalyzer
  end

So I changed it back to:

  config system central-management
    set type fortimanager
    set fmg x.x.x.x
  end

 

Then changed IP address at FMG under Device&Group->Edit Device to have this wan1 IP on the FMG side.

Based on my sniffing at the FGT, the FMG is trying to re-connect via this wan1 IP but the FGT seems to be ignoring the "SYN" packets from the FMG.

 

I know I can wipe out this FGT from the FMG and start over re-registering. But is there any easy way to just re-connect it?

By the way our FMG-VM is running v6.4.8 now.

Thanks,

Toshi

 

Anthony_E
Community Manager

Hello Toshi,

 

Thank you for using the Community Forum. (And thanks a lot for your help :)!)

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello Toshi,

 

We are still looking for an answer to your question.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
Toshi_Esumi
Esteemed Contributor II

Thank you for your effort Anthony.
Based on what I can see, it seems that the FGT side newly tried to get registered at FMG because I manually/directly configured "config sys central-management" with the FMG's IP again (I deleted the request at root ADOM), then waiting for its acceptance/response from the FMG. On the other hand, the FMG is just trying to re-connect for a device that is already registered and in the DB.

 

Toshi

Anthony_E

Hello Toshi,

 

Thank you for sharing this information!

Anthony-Fortinet Community Team.