Hi All,
I'm getting a error " Failed to retrieve configuration from device" when adding a new firewall @ 'Retrieving configuration'.
When I checked the events: "fgfm connection to device FGT-FWxxxx down" please referthe screenshot attached.
Thanks in advance !!!
Regards,
Sri
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Sounds like the same issue you ran into about a year ago:
https://forum.fortinet.com/tm.aspx?m=137919
If the proper firmware path is not followed when upgrading, or if a factory reset is not done after downgrading, this can happen. The FortiGate is left with categories the FMG doesn't recognize as valid, and import fails.
The easiest way I have found to be able to see the actual error encountered is to have the FortiGate pre-registered first, and then add it.
1) Delete the FGT from FMG (if still present)
2) Configure the FGT to point to FMG
3) The FGT should show up as an unregistered device in the root ADOM on FMG
4) Go through the normal add process
5) During the config import when it fails you can drill down to see the error*
* IIRC though, it only shows you the first error encountered. Last time this happened to me, I ended up having to do it twice to catch both invalid categories.
Hi Lukasz,
Thanks a lot for the response.
Sounds like the same issue you ran into about a year ago:
Yes but this time the case has no evidence to prove the error
1) Delete the FGT from FMG (if still present)
Delete it 2-3 times and tried
2) Configure the FGT to point to FMG
Done already, still no luck
3) The FGT should show up as an unregistered device in the root ADOM on FMG
I used to check root ADOM always, but this time it is not the case
4) Go through the normal add process
Yes added directly to the fortimanager and tried to send the add request from device too, still no luck
5) During the config import when it fails you can drill down to see the error*
this is the part I was refering that there is no error presented in the event logs / task manager (was looking for that web-filter error like last time)
Any idea how to fix it ?
Ticket has been raised with fortinet support.
Thanks in advance !!!
Regards,
Sridhar
sridharsre wrote:
this is the part I was refering that there is no error presented in the event logs / task manager (was looking for that web-filter error like last time)
Not the event logs or task manager, but in the window during the add process where it fails.
I've only seen it when I add an unregistered device from the root ADOM. I don't have a screenshot handy, but the window is different than the one you posted above. There is a little icon near where it says it failed. You end up having to drill-down through two little icons. Then I think you need to hover over where it shows the error - because you can't scroll over. But if you hover your mouse pointer over the error you should get a little pop-up window that shows the full text of the error - you need to manually write it down.
Barring that, if you are able, you may want to factory default the FortiGate and re-configure it manually.
Hope that helps, good luck!
seems FMG tunnel access to FGT has some problem
what is FMG and FGT version?
can you enable below debug on FMG and FGT when add device?
FMG: diagnose debug application fgfmsd 255
FGT: diagnose debug application fgfmd 255
and on FGT, also check for get system central-management
Thanks
Simon
Hi Lukasz,
Thanks for the Information. As I tried multiple times, now only the device added to root ADOM.
Hi Simon,
tried as you said, no output came and gets the right results of fortimanager for "get system central-management" in the fortigate. no luck :(
Fortigate: v5.2.4,build688 (GA)
FortiManager: v5.4.2-build151 161213 (GA)
Thanks in advance !!!
Regards,
Sridhar
tried as you said, no output came
-- forgot to say, need to do "diag debug enable" first
and gets the right results of fortimanager for "get system central-management" in the fortigate
-- so you see correct FMG SN in the result?
thanks
Simon
Hi, I have the same problem, any solution?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1713 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.