Sebastian_Llabres
New Contributor

Fortigate GUI notifies Unable to Connect to FortiManager but CLI show tunnels OK

Good morning and thanks in advance.

I have deployed an FM with v7.2.1 and two FG HA clusters with v7.0.2.

I added FG to FM with the Add Device wizard. All devices have been discovered and added, policies and objects sync'd ok with FM. When modifying rules on the FM the modifications are pushed OK to FGs.

I also activated FortiAnalyzer features on FM, and the FGs are sending logs OK to FM.

 

Everything seems OK, BUT on both FG clusters, within Security Fabric > Fabric Connectors > FM Connection is shown in Red and "Not Managed" and the notification reads as: Unable to Connect to FM

 

But when checking by CLI all the platforms, the FGFM tunnels are established and up:

On FM:

ES1FMG01BKT2 # diagnose fgfm session-list
ES1FW03BKT2_FG (260) sn(******************) ip(192.168.177.124)    <-- FG HA Cluster2
state(tunnel) tunnel (169.254.0.2) uptime:Mon Oct 24 00:07:56 2022
ES1FW03BKT1_FG (233) sn(******************) ip(192.168.177.140)    <-- FG HA Cluster1
state(tunnel) tunnel (169.254.0.3) uptime:Mon Oct 24 00:07:56 2022
Session count = 2 (tunnel 2)
ES1FMG01BKT2 #

 

On FGs:

ES1FW03BKT2_FG (global) # diagnose fdsm central-mgmt-status
Connection status: Up
Registration status: Registered
ES1FW03BKT2_FG (global) #

ES1FW03BKT1_FG (global) # diagnose fdsm central-mgmt-status
Connection status: Up
Registration status: Registered
ES1FW03BKT1_FG (global) #

 

Any idea why on the FG GUI the connection to FM is shown as Not Established (Devices Not Managed by FM) when the CLI says the tunnels are up and the devices seem to be managed OK?
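The CLI check from the question above, scripted as an added example (not part of the original post and not Fortinet code): it parses `diagnose fgfm session-list` output in the format quoted in the post, confirms every expected device has a session in `state(tunnel)`, and cross-checks the `Session count` footer so a truncated capture is not mistaken for a healthy one. Treating `tunnel` as the healthy state is an assumption taken from the output shown here, and the function names are hypothetical.

```python
import re

DEVICE = re.compile(r"^(?P<name>\S+) \((?P<oid>\d+)\) sn\((?P<sn>[^)]*)\) ip\((?P<ip>[^)]*)\)")
STATE = re.compile(r"^state\((?P<state>[^)]*)\) tunnel \((?P<tunnel_ip>[^)]*)\) uptime:(?P<since>.*)$")
FOOTER = re.compile(r"^Session count = (?P<total>\d+) \(tunnel (?P<tunnels>\d+)\)")

# Constructed sample in the format quoted in the post (serials masked as in the post).
SAMPLE = """\
ES1FW03BKT2_FG (260) sn(******************) ip(192.168.177.124)    <-- FG HA Cluster2
state(tunnel) tunnel (169.254.0.2) uptime:Mon Oct 24 00:07:56 2022
ES1FW03BKT1_FG (233) sn(******************) ip(192.168.177.140)
state(tunnel) tunnel (169.254.0.3) uptime:Mon Oct 24 00:07:56 2022
Session count = 2 (tunnel 2)
"""

def parse_session_list(text):
    """Return ({device_name: fields}, footer_counts or None)."""
    sessions, footer, current = {}, None, None
    for raw in text.splitlines():
        line = raw.split("<--")[0].strip()  # drop hand-written annotations
        if m := DEVICE.match(line):
            current = m.groupdict()
            sessions[current["name"]] = current
        elif (m := STATE.match(line)) and current is not None:
            current.update(m.groupdict())  # state line belongs to the device above it
        elif m := FOOTER.match(line):
            footer = {k: int(v) for k, v in m.groupdict().items()}
    return sessions, footer

def audit(text, expected):
    """List problems for the expected device names; an empty list means all tunnels are up."""
    sessions, footer = parse_session_list(text)
    problems = []
    for name in expected:
        s = sessions.get(name)
        if s is None:
            problems.append(f"{name}: no FGFM session")
        elif s.get("state") != "tunnel":  # assumption: 'tunnel' is the healthy state
            problems.append(f"{name}: state is {s.get('state')!r}, not 'tunnel'")
    up = sum(1 for s in sessions.values() if s.get("state") == "tunnel")
    if footer is None:
        problems.append("no 'Session count' footer: capture may be truncated")
    elif (footer["total"], footer["tunnels"]) != (len(sessions), up):
        problems.append("footer counts do not match parsed sessions")
    return problems
```
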

 


 

 

1 Solution
distillednetwork
Contributor III

This is a known bug in 7.0.2 (756420) and fixed in 7.0.3: 

https://docs.fortinet.com/document/fortigate/7.0.3/fortios-release-notes/236526/known-issues

 

Based on the major security vulnerability released recently, I would urge you to upgrade to 7.0.7 or 7.0.8 as soon as possible.  This is a critical vulnerability that is being actively exploited.

https://www.fortiguard.com/psirt/FG-IR-22-377

 



Sebastian_Llabres

Thanks for the answer.

Just checked the release notes, and yes, it's exactly the bug id 756420 you say. It appears as a Known Issue in release v7.0.2 within the GUI section:

https://docs.fortinet.com/document/fortigate/7.0.2/fortios-release-notes/236526/known-issues

But it appears as a Resolved Issue in the release v7.0.4:

https://docs.fortinet.com/document/fortigate/7.0.4/fortios-release-notes/289806/resolved-issues

 

We just applied the workaround for the FG-IR-22-377 vulnerability, but having the bug 756420 and also the FORTINET-FG-IR-22-377_Auth-Bypass, it's quite probable we will finally upgrade to v7.0.7 or v7.0.8.

 
