Irah
Visitor

Issue when adding FortiGate to FortiManager

Hi, 

I am looking for help.

I am trying to add FortiGate 7.6.4 KVM to FortiManager 7.6.4 KVM, but it doesn't work.

 

From FMG, I am getting the "Probe failed" error message for both OAuth Login (after successful login) and Legacy Login.

 

From FG, I am getting the following errors:

  • From GUI

FG-GUI.jpg

 

  • From CLI

FG-CLI.jpg

 

Connectivity test is OK:

  • FG can ping FMG and vice versa
  • FMG-Access is enabled on the FG interface connected to FMG
  • Telnet to FMG IP 541 from FG is successful

 

Other information:

  • fgfm-allow-vm is enabled on FMG
  • FAZ 7.6.4 KVM is successfully added to FMG
  • execute central-mgmt register-device on FG does nothing
  • I am not using a custom certificate

 

6 REPLIES
lenenkash
New Contributor

I don't think it's possible to add a FortiGate trial version to FMG and FAZ. I came to the conclusion that:

- In the certificate that a FortiGate running in evaluation mode sends to FortiManager to establish the tunnel, the serial number is missing from the common name field. As a result, FortiManager refuses to establish the connection because the certificate does not meet the validation requirements.

- No amount of configuration or troubleshooting will make the connection succeed. The issue is directly related to the certificate structure, therefore the tunnel cannot be formed in this mode.

yderek
Staff

@Irah Since this is a VM, and FMG by default does not allow VM connections, can you try to allow the VM connection from the FMG side?

 

On your FMG, open the CLI and try the command below:

=======================
config sys global
set fgfm-allow-vm enable
end
=======================

Now try to authorise again and see whether you can.

Irah

fgfm-allow-vm is already enabled

 

yderek
Staff

Hi

@Irah Can you run the commands below and upload the output here?

 

On FortiGate

==========================
get router info routing-table details 10.0.0.100

config vpn certificate local
get Fortinet_Factory
end

exec ping-option data-size 1500
exe ping-options df-bit y
exec ping 10.0.0.100

exec ping-option data-size 1420
exe ping-options df-bit y
exec ping 10.0.0.100

show firewall local-in-policy
==========================

 

On FMG side

==========================

config system global

get

==========================

 

 

 

 

Irah

Here,

FG-001.jpg
FG-002.jpg

FMG-001.jpg
FMG-002.jpg
FMG-003.jpg

yderek
Staff

@Irah I can see your FMG has the setting below:

set enc-algorithm high

Can you change it to high on the FG side as well?

 

config system central-management
set enc-algorithm high 
end

 

Also, the FortiGate certificate has CN=Fortigate, which should be the serial number.

It should look something like below:

 

Screenshot 2025-12-29 094559.png

Which cloud platform is the FortiGate VM hosted on?

 

 

 
