Hello,
I have FortiGate and FortiManager VM trial version 6.0.2. I could not add the FortiGate to FortiManager.
There is no connectivity problem between FortiGate and FortiManager, but I get a "Probe Failed" error. The FMG protocol is enabled on the related interface. I checked the task monitor logs on FortiManager and saw "Cannot communicate with remote device (tunnel is down)" and, in the description, "2019-04-29 15:14:24:fgfmstarterror".
What might be the problem?
Thank you,
Hey,
Is there any full inspection happening between FGT and FMG? What is the network topology?
Thanks
Hey,
It is in my VM lab environment (VMware Fusion).
There is no other device between them.
thanks
Thanks for the reply.
Can you check (on the FGT)
config system central-management
get
and
can you check (on the FMG)
config system global
get
I am actually looking for the level of encryption on both of these.
Cheers
Hello,
I added the output, thank you
FMG-VM64 # config system gl
(global)# get
admin-lockout-duration: 60
admin-lockout-threshold: 3
adom-mode : normal
adom-rev-auto-delete: by-revisions
adom-rev-max-backup-revisions: 5
adom-rev-max-revisions: 120
adom-select : enable
adom-status : enable
clt-cert-req : disable
console-output : standard
country-flag : enable
create-revision : disable
daylightsavetime : enable
default-disk-quota : 1000
detect-unregistered-log-device: enable
device-view-mode : regular
dh-params : 2048
disable-module :
enc-algorithm : high
faz-status : disable
fgfm-local-cert : (null)
fgfm-ssl-protocol : tlsv1.2
ha-member-auto-grouping: enable
hitcount_concurrent : 100
hitcount_interval : 300
hostname : FMG-VM64
import-ignore-addr-cmt: disable
language : english
latitude : (null)
ldap-cache-timeout : 86400
ldapconntimeout : 60000
log-checksum : none
log-forward-cache-size: 0
longitude : (null)
max-running-reports : 1
oftp-ssl-protocol : tlsv1.2
partial-install : disable
perform-improve-by-ha: disable
policy-hit-count : disable
policy-object-in-dual-pane: disable
pre-login-banner : disable
remoteauthtimeout : 10
search-all-adoms : disable
ssl-low-encryption : disable
ssl-protocol : tlsv1.2
ssl-static-key-ciphers: enable
task-list-size : 2000
timezone : (GMT+3:00) Istanbul.
tunnel-mtu : 1500
usg : enable
vdom-mirror : disable
webservice-proto : tlsv1.2
workspace-mode : disabled
FortiGate-VM64 # config system central-management
FortiGate-VM64 (central-management) # get
mode : normal
type : fortimanager
schedule-config-restore: enable
schedule-script-restore: enable
allow-push-configuration: enable
allow-push-firmware : enable
allow-remote-firmware-upgrade: enable
allow-monitor : enable
serial-number :
fmg : "10.10.231.221"
fmg-source-ip : 0.0.0.0
fmg-source-ip6 : ::
vdom : root
server-list:
include-default-servers: enable
enc-algorithm : low
Thanks
Can you set (On the FGT)
enc-algorithm to default and try doing the connection one more time.
Thanks
Hello,
I tried, but probe failed again.
7.712600 port1 in 10.10.231.221.42888 -> 10.10.231.110.541: rst 3489118224 ack 2398539591
18.925384 port1 out 10.10.231.110.2680 -> 10.10.231.221.541: syn 387565312
18.925550 port1 in 10.10.231.221.541 -> 10.10.231.110.2680: syn 1708240234 ack 387565313
18.925577 port1 out 10.10.231.110.2680 -> 10.10.231.221.541: ack 1708240235
18.925845 port1 out 10.10.231.110.2680 -> 10.10.231.221.541: psh 387565313 ack 1708240235
18.925897 port1 in 10.10.231.221.541 -> 10.10.231.110.2680: ack 387565416
19.926431 port1 in 10.10.231.221.541 -> 10.10.231.110.2680: rst 1708240235 ack 387565416
231.221 is the manager. Why are RST packets sent?
On the FMG side
Let's try setting the fgfm-ssl-protocol to sslv3 just to test the connection.
Thanks
Hello,
Thank you for your support, I solved the problem by setting enc-algorithm to low on FMG.
thanks
Thanks!
This config solved my issue:
FortiManager:
Fortigate:
Regards.
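Added example (not part of any post in this thread, and not Fortinet code): a small Python check that does what the replies above do by hand, comparing `enc-algorithm` in the two `get` dumps. The sample text is constructed and abridged from the posted output; `parse_get`, `audit_fgfm` and `REVIEW_VALUES` are names made up for this example, and the review baseline is an assumption.

```python
import re

# Constructed, abridged copies of the `get` output posted in this thread.
FMG_GET = """\
FMG-VM64 # config system gl
(global)# get
enc-algorithm : high
fgfm-ssl-protocol : tlsv1.2
ssl-protocol : tlsv1.2
timezone : (GMT+3:00) Istanbul.
"""
FGT_GET = """\
FortiGate-VM64 (central-management) # get
type : fortimanager
fmg : "10.10.231.221"
fmg-source-ip6 : ::
enc-algorithm : low
"""
# Assumption: this example's own review baseline, not a Fortinet rule.
REVIEW_VALUES = {"enc-algorithm": {"low"}, "fgfm-ssl-protocol": {"sslv3"}}


def parse_get(text):
    """Turn 'key : value' lines of a CLI `get` dump into a dict."""
    settings = {}
    for line in text.splitlines():
        # Split on the first colon only, so values like '::' stay intact;
        # prompt lines ('FMG-VM64 # ...') have no 'key :' shape and are skipped.
        m = re.match(r"\s*([\w-]+)\s*:\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings


def audit_fgfm(fmg, fgt):
    """List settings to review before blaming the network for 'Probe Failed'."""
    findings = []
    if fmg.get("enc-algorithm") != fgt.get("enc-algorithm"):
        findings.append("enc-algorithm differs: FMG=%s FGT=%s"
                        % (fmg.get("enc-algorithm"), fgt.get("enc-algorithm")))
    for side, cfg in (("FMG", fmg), ("FGT", fgt)):
        for key, flagged in REVIEW_VALUES.items():
            if cfg.get(key) in flagged:
                findings.append("%s %s is %s" % (side, key, cfg[key]))
    return findings


if __name__ == "__main__":
    for finding in audit_fgfm(parse_get(FMG_GET), parse_get(FGT_GET)):
        print(finding)
```

With FMG changed to `low` as in the fix above, the mismatch finding goes away but both sides are reported as `low`, which is worth revisiting once the device is registered.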