Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NickStudi
New Contributor

FortiManager pxGrid Connection

I wanted to connect a FortiManager with pxGrid ISE according to the following Installation Guide: https://docs.fortinet.com/document/fortimanager/7.4.2/administration-guide/466394/creating-cisco-pxg...

 

We have uploaded the certificate in FortiManager and created the pxGrid Connector under Fabric Connectors. The FortiManager is also already listed on the ISE server. But when I go to External Connectors -> the pxGrid Connector Apply & Refresh I get 2 errors (see screenshots). Does someone know what could be the reason for this error? In addition, the screenshots in the Administration Guide show an older software version of the Manager and the extra function "Single Sign On" is no longer available on the Manager V.6 & V7.

 

Thank You

 

 

update_group.PNGupdate_user.PNGProgress Report.PNG

4 REPLIES 4
adambomb1219
Contributor III

What version of ISE?  Has Fortinet updated this connector for pxGrid 2.0?  

NickStudi

Hi adambom1219, the Version of the ISE is V3.2.

adambomb1219

ISE 3.1 removed support for pxGrid 1.0.  I would open a Fortinet TAC case and ask if Fortinet updated the pxGrid code in FortiManager for pxGrid 2.0.  
If the FortiManager side still requires pxGrid 1.0, then you need your ISE server to be on version 3.0 which: https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/identity-service...

vraev
Staff
Staff

Hi @NickStudi ,

 

Have you tried to made a packet capture?
diag sniffer packet any 'host 172.20.39.48 and host 172.20.39.45' 3 (example)
And debugs at the same time:

diag debug enable
diag debug app connector 255

Best,

V.R.
Labels
Top Kudoed Authors