Hello all!
I installed Fortimanager VM-64 (trial version) and try to add a new Fortigate device (VM64, trial version) but no luck.
Platform of virtualization: Vmware ESXI.
I tried to initiate it from Fortimanager GUI and from Fortigate GUI.
When i enable debug on devices there are some errors:
diagnose debug enable
diagnose debug application fgfmd -1
FGFMs: cert_id<0>, sni<support.>FGFMs: set_fgfm_sni SNI<support.fortinet.com> FGFMs: Load Cipher [DES:@STRENGTH] FGFMs: before SSL initialization FGFMs: SSLv3/TLS write client hello FGFMs: SSLv3/TLS write client hello FGFMs: [__get_error:612] error=5, errno=104,Connection reset by peer.
Could anyone help with this question please ?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
I tried to connect from both sides.
After changes in enc-algorithms:
FGFMs: issuer matching...try next if not match... localissuer(fortinet-subca2001), remoteissuer(support) FGFMs: No extra certs matched, aborting connection! FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[0] FGFMs(probing...): Cleanup session 0x7f8285295c00, 10.1.134.226. FGFMs(probing...): Destroy session 0x7f8285295c00, 10.1.134.226.
My configurations looks similar, bit on your FGT -
enc-algorithm : high
My device doen't let me input it. Only default or low, because it's trial verison.
Are your configuration from devices on trial-license or permanent ?
Could you show 'get system global' from your FGT ?
Many thanks.
Hi,
The solution to your problem is enabling "set fgfm-ssl-protocol tlsv1.0" in fortimanager.
And I am adding the fortigate from frotimanager.
For me, authorize device in fortimanager do not work. The only way I can add the fortigate to fortimanager is to click add device in fortimanager.
Settings in fortigate -
config system central-management set type fortimanager set fmg "192.168.150.102" set fmg-source-ip 192.168.150.128 end
Settings in fortimanager
config system global set adom-status enable set fgfm-ssl-protocol tlsv1.0 set timezone 26 set usg enable end
Hi,
I have already tried it, but no results. :(
Do you use a trial license too ?
I use trial license on both fortimanager and fortigate. Do not play with encryption.
Important - Do not sent register message from fortigate, then try to authorize them from fortimanager. It does not work.
Only works - Add device from fortimanager.
And when you test policy packet, you will see an error every time - fortimanager sends an invalid VPN certificate. After every policy deployment, I need to do a manual export again.
The very interesting moment that i tried to reproduce it on my PC with Vmware Workstation 15.
I succesfully added the FTG from FMG without any aditional setups, only the network connectivity and enable FGFM protocol on FGTs interface.
But after i tried to remove this device from FMG GUI, i could't add it anymore.
Tried to install from new template but the result is the same :(
Do anybody have any thoughts about it ?
Please configure below on FMG and try it again.
config system global set enc-algorithm low set fgfm-ssl-protocol tlsv1.0 end
Many thanks you!
It was a solution:
config system global set enc-algorithm low set fgfm-ssl-protocol tlsv1.0
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.