Hello,
I am failing to connect an FG-200F v7.2.4 to FortiClient EMS cloud. In "Fabric Connectors" -> "Connection status" it reads: FortiGate not authorized, but in FortiClient EMS cloud neither is the Authorization pop-up displayed nor does the device appear in EMS cloud Administration -> Fabric Devices.
Does someone know how to debug this?
I am also searching for a how-to on registering a FortiGate by using an EMS cloud-generated FortiGate key by GUI or CLI.
best regards
Martin Haneke
Hello,
I could solve the problem as follows:
The FG-200F was registered to another account before and was transferred by Fortinet support. But that did not work flawlessly, as I know by now. After I restarted the FG approx. 3 days after the account transfer, the FG showed up in the FortiClient EMS cloud of the old account.
I disabled the FortiClient connector, rebooted again, activated the FortiClient connector again, accepted the newly presented certificate and it worked.
In short: The credentials of the old account were cached. And obviously they were only deleted after disabling the connector AND rebooting the FG.
best regards
Martin
Hi Martin
Check connectivity between FGT and EMS. I think the required port is 8015 TCP.
@AEK Thank you for your reply. But am I wrong in thinking that internal firewall services are always free and do not need special rules?
In our case the access for the FG to WAN is not restricted.
8015 is from FGT (as client) to EMS (as server). You need to allow it on the Windows firewall on the EMS side.
I was not detailed enough in my question: The communication to troubleshoot is: FG-200F to EMS cloud (and not EMS on Windows).
Then I guess there is some firewall protecting your EMS Cloud, right? That's where you need to allow the required traffic initiated from the FGT public IP. Is this done already?
Not AFAIK. Another FG-100F connected to EMS cloud without any problems.
Any other suggestions?
BTW: How could EMS cloud be protected by one's own firewall?
best regards
Martin
Forget about the firewall now. Can you sniff traffic on EMS side to see if FGT connection requests are reaching it?
For debugging, I would first recommend checking the configuration on the FortiGate, making sure all parameters for connecting to EMS Cloud are configured correctly. You can then contact Fortinet support for further assistance and to diagnose the problem. As for registering FortiGate using a key generated by EMS Cloud, it may be worth looking for detailed instructions on the official Fortinet website or in the EMS Cloud documentation.
Copyright 2024 Fortinet, Inc. All Rights Reserved.