Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lincoln29
New Contributor II

Fortimanager could not add FTG device

When I add FGT v7.2.8 build1639 (Mature) in FGTM v7.2.6-build1632 240809 (GA) a Detect Failed message appears. Can anyone help me? Fortimanager does not ping Fortigate. Fortimanager does not ping Fortigate. They are on the same network. I configured allowed ping. 

1 Solution
FortiArt
Staff
Staff

Please check this article that solve FGT FMG connectivity and communication:

 

https://community.fortinet.com/t5/FortiManager/Troubleshooting-Tip-How-to-troubleshoot-connectivity-...

 

Hope this helps

View solution in original post

5 REPLIES 5
AEK
SuperUser
SuperUser

As long as ping is not working there is no communication. You need to fix it before doing the integration. It can have multiple causes like bad cable, wrong IP configuration ans so.

AEK
AEK
lincoln29
New Contributor II

FTGM already pings the FGT, but when I add the FGT to FTGM, an error occurs:
detect failed

 

PING FMG-VM64-KVM # exe ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1): 56 data bytes
764 bytes from 10.0.1.1: seq=0 ttl=255 time=1.345 ms
64 bytes from 10.0.1.1: seq=1 ttl=255 time=1.724 ms
64 bytes from 10.0.1.1: seq=2 ttl=255 time=0.735 ms
64 bytes from 10.0.1.1: seq=3 ttl=255 time=0.784 ms

 

FGT-1 # exe ping 10.0.1.2
PING 10.0.1.2 (10.0.1.2): 56 data bytes
64 bytes from 10.0.1.2: icmp_seq=0 ttl=64 time=1.1 ms
64 bytes from 10.0.1.2: icmp_seq=1 ttl=64 time=1.2 ms
64 bytes from 10.0.1.2: icmp_seq=2 ttl=64 time=1.3 ms
64 bytes from 10.0.1.2: icmp_seq=3 ttl=64 time=1.8 ms
64 bytes from 10.0.1.2: icmp_seq=4 ttl=64 time=1.2 ms

 

sw2090
SuperUser
SuperUser

yes the error handling in FMG with adding new devices is indeed very poor. Fortinet should improve that. 

You only get such messages or similar but no actual error cause :(

 

You should make sure that FMG can reach the Device you want to add. Enable ping on the device's interface that you use to add it in FMG and check if FMG can ping it. If it cannot check cabling, policies, routing,... until ping works.

Also make sure that on the Device's interface FMG-Access is enabled (needed for FGFM protocol to work!). Also make sure that this is enabled ONLY on this device. I had cases here where it was on on more than the one interface and that kept fmg from adding the device.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
FortiArt
Staff
Staff

Please check this article that solve FGT FMG connectivity and communication:

 

https://community.fortinet.com/t5/FortiManager/Troubleshooting-Tip-How-to-troubleshoot-connectivity-...

 

Hope this helps

lincoln29
New Contributor II

FGTM pings FGTS but I can't add the device. Could it be a license?
Message:

 

This site can't be reached


Try:

Check your connection
Check your proxy and firewall
Run Windows Network Diagnostics
ERR_CONNECTION_TIMED_OUT

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors