FortiClient EMS cloud fails to authorize FG-200F v.7.2.4
Hello,
I am failing to connect a FG-200F v7.2.4 to FortiClient EMS cloud. In "Fabric Connectors" -> "Connection status" it reads: FortiGate not authorized, but in FortiClient EMS cloud neither is the Authorization pop-up displayed nor does the device appear in EMS cloud Administration -> Fabric Devices.
Does someone know how to debug this?
I am also searching for a how-to on registering a FortiGate by using an EMS cloud-generated FortiGate key via GUI or CLI.
best regards
Martin Haneke
Martin
Hello,
I could solve the problem as follows:
The FG-200F was registered to another account before and was transferred by Fortinet support. But that did not work flawlessly, as I know by now. After I restarted the FG approx. 3 days after the account transfer, the FG showed up in the FortiClient EMS cloud of the old account.
I disabled the FortiClient connector, rebooted again, activated the FortiClient connector again, accepted the newly presented certificate and it worked.
In short: The credentials of the old account were cached. And obviously they were only deleted after disabling the connector AND rebooting the FG.
best regards
Martin
Martin
Hi Martin
Check connectivity between FGT and EMS. I think the required port is 8015 TCP.
@AEK Thank you for your reply. But am I wrong in thinking that internal firewall services are always free and do not need special rules?
In our case the access for the FG to WAN is not restricted.
Martin
8015 is from FGT (as client) to EMS (as server). You need to allow it on the Windows firewall on the EMS side.
I was not detailed enough in my question: The communication to troubleshoot is: FG-200F to EMS cloud (and not EMS on Windows).
Martin
Then I guess there is some firewall protecting your EMS Cloud, right? That's where you need to allow the required traffic initiated from the FGT public IP. Is this done already?
Not AFAIK. Another FG-100F connected to EMS cloud without any problems.
Any other suggestions?
BTW: How could EMS cloud be protected by one's own firewall?
best regards
Martin
Martin
Forget about the firewall now. Can you sniff traffic on EMS side to see if FGT connection requests are reaching it?
For debugging, I would first recommend checking the configuration on the FortiGate, making sure all parameters for connecting to EMS Cloud are configured correctly. You can then contact Fortinet support for further assistance and to diagnose the problem. As for registering FortiGate using a key generated by EMS Cloud, it may be worth looking for detailed instructions on the official Fortinet website or in the EMS Cloud documentation.
