Hello Everyone,
I just spun up a new installation of FortiManager, version 5.2 build 618. I am using the virtual appliance downloaded from the website. I am trying to import a couple of FortiGate 300D devices, version 5.2.1 build 618. However, I get the following error: This FortiManager does not support the discovered device model and firmware version combination.
Has anyone seen that problem before? Could anyone provide a fix or workaround?
Thanks!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Looks like you need to wait for Fortimanager 5.2.1. We are having the same problem and was told that 5.2.1 would be released soon.. That was over three weeks ago. This is becoming unacceptable. We were assured that upgrading our FW to 5.2.1 would be supported by Fortimanager.
You're in same boat we are, it looks like all "D" models that are based on the NP6 asic are not supported yet.
Hi, Flyshuffle
For previous Matthew's case, that case is for install FMG 5.0 ADOM policy package to 5.2 FGT and because FOS 5.2 re-designed policy (for example, 1 policy with multiple identity rule will become multiple policies after upgrade to 5.2), so FMG re-organized policy with new policy ID, and triggered policy delete and re-install
Not sure if this is similar case as your FMG/FGT env? and not sure if you can send me the FMG install log for further investigation?
Thanks
Simon
scao_FTNT wrote:Hi, Flyshuffle
For previous Matthew's case, that case is for install FMG 5.0 ADOM policy package to 5.2 FGT and because FOS 5.2 re-designed policy (for example, 1 policy with multiple identity rule will become multiple policies after upgrade to 5.2), so FMG re-organized policy with new policy ID, and triggered policy delete and re-install
Not sure if this is similar case as your FMG/FGT env? and not sure if you can send me the FMG install log for further investigation?
Thanks
Simon
Simon,
That's not actually true in my case, the vdom I reported the issue with has not identity based policies.
The cause that I can see is the new UUID's introduced in 5.2.0. During the upgrade the Fortigate is generating UUID's for it's policies and then when the FortiManager goes to do an install the UUID's that it (FMG) has don't match. This results in the FMG deleting policies that have the mismatch (in the case I raised it happens to delete all policies) and then installs what it thinks are correct policies.
In the brief testing I did on our Backoffice vdom on the same unit, which has only 56 policies, the initial install tried to delete about half the policies and then it was only able to install a couple of the deleted policies, eg; 56->26->32.
Subsequent installs resulted in the Fortigate only having 26 policies. As this vdom is only responsible for a couple of Backoffice DMZ services I decided to delete all policies from the Fortigate and then allow the FortiManager to install it's policies. This returned all 56 policies.
Simon, as I said in the TAC case
If I was to have performed an install on our Fortigate without first checking what was going to happen our entire DR site would have gone offline, consider now a customer that doesn't test these things as rigorously and they will take down their production environment.This is exactly what happened to Flyshuffle...
Regards,
Matthew
Hi, Matthew,
Thanks for the update, yes, your issue is tracked in that ticket and you already provided many details in the ticket.
I just want to confirm with Flyshuffle if his case is also for 5.0 package install to 5.2 FGT
Thanks
Simon
Alright, maybe I am missing something big, but I am having some things going on that I don't understand. Hopefully, I can explain here.
My FGM-VM installation was upgraded to version 5.2.1, build 622. My FG300D installation was upgraded to version 5.2.2. After seeing some unexpected results, I decided to work with a non-production setup in our lab to see if I could figure out what is going on.
I decided to create a simple policy to experiment with. It had three rules, and the explicit deny rule:
Policy: LAN > Internet
seq# |id |source |destination |service |action 1 1 any any dns accept 2 2 any any http/https accept 3 3 any any smtp accept 4 implicit deny
In FMG, I select Policy Package > 300D > Test Policy, right click and select install wizard, and everything seems ok. I log directly into the FG300D firewall and look at the policy, and it looks like this:
Policy: LAN > Internet seq# |id |source |destination |service |action 1 4 any any http/https accept 2 implicit deny
Where did the other rules go? I am doing the installation incorrectly, even though this is how I did them with previous firmware versions?
I have other examples of rules disappearing when I make a change on FGM and attempt to install on the FG300D, as well as times where I have to clone the policy and install the cloned one to the device when I am greeted with a "no installing devices/no changes on package" message, when I clearly made some changes to the package.
Again, thanks everyone for your input.
Hi, Flyshuffle, thanks for your details, and losing policy looks similar issue as the one reported by Matthew
not sure if you can open a ticket (send me the ticket ID so I can follow up your case) and provide us the FMG db config, then we can quickly identify the issues for you.
Thanks
Simon
Hi, Flyshuffle, your issue case confirmed in my testing and is for install 5.0 version policy package to 5.2 FGT
If all your ADOM FGTs are upgraded to 5.2, you can try to upgrade ADOM version to 5.2, thus can workaround this losing policy issue
Thanks
Simon
scao_FTNT wrote:Hi, Flyshuffle, your issue case confirmed in my testing and is for install 5.0 version policy package to 5.2 FGT
If all your ADOM FGTs are upgraded to 5.2, you can try to upgrade ADOM version to 5.2, thus can workaround this losing policy issue
Thanks
Simon
Hi Simon,
I was able to upgrade the ADOM to version 5.2, reapply the policies, and try some additional testing. At this time, everything now appears to be working as expected.
Thank you!!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1698 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.