Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Dan_Eng52
Contributor II

Created on ‎03-10-2025 09:16 AM

Security Fabric stuck "connecting" - Management IP contains illegal characters

Hi all, 

 

I hope you're well. 

 

I am having issues connecting our branch firewalls to our fabric root FortiGate. All the configuration is correct as prior to upgrading all firewalls to 7.4.7 this was working just fine. Post upgrade to 7.4.7, we found that the set group-name "NAME" command was stripped from the security fabric configuration. This configuration was re-applied, and we can now see communication between the branch firewalls and fabric root on port 8013 however when running a sniffer, I get the below: 


Illegal Characters Screenshot.jpg

 

It seems as though that when it tries to validate it doesn't like the admin port that is configured which is not a default port. I have tried setting this to "Use Admin Port" as well as "Specify" but am still having the same issue. I am not sure as to what else I can change, changing the management port is not possible but I feel it would display the same behaviour no matter what this was set to. 

 

Has anyone come across this issue before and have any ideas on how to resolve? 

Many thanks, 

Dan. 

Labels:
1157
0 Kudos
5 REPLIES 5
Dan_Eng52
Contributor II

Created on ‎03-11-2025 02:41 AM Edited on ‎03-11-2025 02:42 AM

@Anthony_E can you please assist in finding a possible solution? Many thanks, Dan. 

1119
0 Kudos
Jean-Philippe_P
Moderator
Moderator

Created on ‎03-11-2025 02:54 AM

Hello Dan_Eng52,

 

Please note that Anthony is a Technical Writer and has no Technical knowledge (as for me).

 

Can you tell me if that helps:

 

If the Security Fabric is stuck on "connecting" and the management IP contains illegal characters, follow these steps to resolve the issue:

  1. Verify IP Address Format: Ensure that the management IP address is correctly formatted. It should only contain numbers and periods (e.g., 192.168.1.1).

  2. Check Configuration:
    - Access the FortiGate and FortiNAC configuration settings.
    - Verify that the management IP address is correctly entered without any illegal characters.

  3. Correct Illegal Characters: If illegal characters are present, correct the IP address to a valid format.

  4. Restart Services: After correcting the IP address, restart the necessary services on both FortiGate and FortiNAC to apply the changes.

  5. Monitor Logs: Check the system logs for any errors or warnings related to the IP address configuration.

  6. Test Connectivity: Once changes are made, test the connectivity between FortiGate and FortiNAC to ensure the Security Fabric is functioning correctly. If the issue persists after following these steps, further investigation into the network configuration and settings may be required.

Hope it can help you otherwise I will seek assistance to help you.

 

Thanks.

Regards,

Jean-Philippe - Fortinet Community Team
1109
AEK
SuperUser
SuperUser

Created on ‎03-11-2025 03:34 AM

Hi Dan

Can you share the output?

show full config sys global | grep management

You can hide the IP (but keep visible any extra character, if any).

AEK
AEK
1100
Dan_Eng52
Contributor II
In response to AEK

Created on ‎03-11-2025 09:16 AM

Hi AEK, 

 

Please see output below: 

 

Output.jpg

 

I'm not quite sure why it is complaining about illegal characters, it wasn't doing this prior to upgrading to 7.4.7 so I am hoping this is not a bug that has been introduced. 

Let me know your thoughts. 

Thanks, 
Dan. 

1063
0 Kudos
Benjamin_B
New Contributor
In response to Dan_Eng52

Created on ‎08-08-2025 01:36 AM

Hello Dan,

I dunno if you fixed the issue yet, but I had a ticket open with support about this same issue (also after migrating to 7.4.7), and the problem was the custom port for the mgmt interface on the downstream fortigate.

The issue was solved by reverting the HTTPS port to the default one in System > Settings > Administration Settings

Seems it has been fixed in 7.4.8

1068310:  CSF root cannot accept downstream device with authorization-request-type serial/certificate with non-default management port.

 

Regards

200
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.