Not applicable

FSAE not working from Virtual Cluster 2

Hello! We have two 620Bs (OS 4 MR1 patch 3) running in HA and 2 Virtual Clusters (Active-passive). Virtual Cluster 1 is primary for 2 VDOMs + the root VDOM while Virtual Cluster 2 is running 2 VDOMs. In other words, we have 3 VDOMs running on physical box #1 (VC1) and 2 VDOMs running on box #2 (VC2).

The strange thing is that from the VDOMs in VC1, FSAE is working fine. From VC2 I can connect to FSAE (the FortiGate unit shows up in "Show Service Status" in FSAE Collector Agent Configuration), but FortiGate can't read any group information from FSAE.

When I try to ping or traceroute servers from the CLI in VC1 I get replies, but from VC2 there are no replies, even when pinging servers with VC2 as the gateway. When doing a traceroute from VC2 I get an error message:

    # exec traceroute
    traceroute to (, 32 hops max, 72 byte packets
     1 traceroute: sendto: Operation not permitted
    traceroute: wrote 72 chars, ret=-1
     *traceroute: sendto: Operation not permitted
    traceroute: wrote 72 chars, ret=-1

Anybody got any ideas about what might be causing this?

regards,
Pål Gjerde, Norway
New Contributor

Have you switched the CLI to the secondary slave firewall when you are running the traceroute command?
Not applicable

Good tip ;) When tracerouting from box #2 (the primary for VC2) I get normal replies. I still don't understand why I can't get FSAE to work though.
Not applicable

If anybody else experiences this problem, the solution is to access the GUI using an IP address on a VDOM that is running on the physical box which is primary for Virtual Cluster 2. From here you are able to get the groups from FSAE and create User Groups that can be used in Policies.
