Rafaelkkksalgado
New Contributor

Fortimanager VM connect fortigate error

Good afternoon!

Friends, I'm using two images in EVE-NG, one from FortiGate v7.0.15 and the other from FortiManager v7.6.0 build3340 (Feature).

I connected to both with the FortiCloud trial.

I configured a management interface on both and another LAN interface (where I would connect between them).

They both ping each other and FortiGate closes telnet on port 541.

I activated FMG-Access on the LAN port on the FortiGate where I will communicate with the FortiManager.

I reduced encryption in FortiManager, set low and also activated fgfm-ssl-protocol sslv3.

I put the FortiManager IP in the Fabric Connector > FortiManager, on premises.


I always get this error:

The FortiManager's access to the FortiGate will be authenticated by the FortiManager certificate. The serial number from the certificate must match the serial number observed on the FortiManager. Could not connect to the FortiManager to retrieve its serial number.

I tried everything possible, I have no more ideas. Please help.

adambomb1219
SuperUser

Why 7.0?  

Rafaelkkksalgado

Because I read about this version having fewer limitations as it is a trial. :,( . But I tried with newer versions too. I had the same result.
Hsharma
Staff

Hello,

Please check the compatibility tool between FortiGate and FortiManager. They seem to be non-compatible versions. Kindly try to make the versions compatible with each other and see if that helps.

Please use the link to check the compatibility between FortiGate and FortiManager.

https://docs.fortinet.com/compatibility-tool/fortimanager

Thank you

Rafaelkkksalgado

You're right! But I already tested compatible versions. But I found the solution now. Need to run this on FortiManager:

config system global
set fgfm-peercert-withoutsn enable
end


Thanks all.
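
Added example, not part of any post in this thread and not Fortinet code: a small audit that reads a FortiManager CLI config dump and lists the three settings changed during this troubleshooting (reduced encryption, fgfm-ssl-protocol sslv3, fgfm-peercert-withoutsn enable) when they are still at those values, so lab workarounds can be reviewed before the build is reused. The sample config, hostname and IP are constructed, and `enc-algorithm` is assumed to be the key behind "reduced encryption ... set low".

```python
import shlex

# Settings changed in the thread, with the value that was set there.
# Assumption: "enc-algorithm" is the key behind "reduced encryption ... set low".
REVIEW = {
    "enc-algorithm": ("low", "encryption level reduced to low"),
    "fgfm-ssl-protocol": ("sslv3", "sslv3 selected for the FGFM protocol"),
    "fgfm-peercert-withoutsn": ("enable", "peer certificate accepted without serial number"),
}

# Constructed sample, shaped like a CLI config dump.
SAMPLE = '''\
config system global
    set hostname "FMG-LAB"
    set enc-algorithm low
    set fgfm-ssl-protocol sslv3
    set fgfm-peercert-withoutsn enable
end
config system interface
    edit "port2"
        set ip 10.0.0.2 255.255.255.0
    next
end
'''

def parse_blocks(text):
    """Map each config path (nested config/edit names) to its 'set' values."""
    blocks, path = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))
        elif tok[0] == "edit":
            path.append("edit " + " ".join(tok[1:]))
        elif tok[0] in ("end", "next") and path:
            path.pop()
        elif tok[0] == "set" and len(tok) >= 3:
            blocks.setdefault(" / ".join(path), {})[tok[1]] = " ".join(tok[2:])
    return blocks

def audit(text):
    """Return (key, value, reason) for each thread setting left at its relaxed value."""
    glob = parse_blocks(text).get("system global", {})
    return [(k, glob[k], why) for k, (bad, why) in REVIEW.items()
            if glob.get(k, "").lower() == bad]

if __name__ == "__main__":
    for key, value, why in audit(SAMPLE):
        print(f"review: set {key} {value} -> {why}")
```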

tunoktu5
New Contributor

Ok after not using the custom security profiles defined at global scope and using those in a VDOM and just using legacy authentication I'm now able to connect to my Gate from LAN side https://vshare.onl/ . Thanks!!

ametkola
Staff

Hello Rafaelkkksalgado,

 

The article below explains further regarding the error and the solution in this case:

https://community.fortinet.com/t5/FortiManager/Technical-Tip-Setup-custom-certificate-for-FGFM-proto...

 

Regards,

 

 
