- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unable to add FortiGate to FortiManager
Hi all,
I am attempting to build a Fortinet Lab. I have a FortiGate version 7.6.1 and FortiManager 7.6.2. Both devices are using trial licenses.
When attempting to add the FortiGate to the Manager, I am getting a "probe failed" error.
On the FortiGate I have FMG-Access selected, I configured the ENC-algorithm to default
On the FortiManager I configured ENC-algorithm to low and fgfm-ssl-protocol sslv3
When attempting to add the FortiGate to the FortiManager from the FortiGate Security Fabric -> Fabric Connectors I get the below error
Any assistance will be greatly appreciated
Solved! Go to Solution.
- Labels:
-
FortiGate
-
FortiManager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @k-lee ,
Which is the current firmware version of FortiManager ? If you are running in v7.2.5 you can perform the following changes :
config system global
set fgfm-peercert-withoutsn enable
end
Reference article >> https://docs.fortinet.com/index.php/document/fortimanager/7.2.5/release-notes/519207
Regards,
ametkola
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @k-lee ,
Which is the current firmware version of FortiManager ? If you are running in v7.2.5 you can perform the following changes :
config system global
set fgfm-peercert-withoutsn enable
end
Reference article >> https://docs.fortinet.com/index.php/document/fortimanager/7.2.5/release-notes/519207
Regards,
ametkola
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please have a look at, https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-solve-the-error-message-Could... and see if it solves your issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi funkylicious,
I also came across this post, but I am running FortiManager 7.6.2.
I did the these commands from the post but still no luck.
set schedule-config-restore disable
set schedule-script-restore disable
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From the commands, don't focus on those but on the rest.
You could try and do a unset for all the existing params configured on the FortiGate and try setting the FMG again along the command that @ametkola suggested and is also present in the link.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried the unset of all parms
I also tried the "set fgfm-peercert-withoutsn enable" however the command doesn't seem to be available on version 7.6.2 of FortiManager.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see.
You are quite the pioneer exploring the 7.6 release so we might need to dig through the documentation for it.
Have a look at https://docs.fortinet.com/document/fortimanager/7.6.2/release-notes/519207/special-notices - Custom certificate name verification for FortiGate connection
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have decided to do the lab with FortiManager 7.2.5 and FortiGate 7.2.5.
I will continue to try with 7.6.2 sometime in the near future.
Thanks all for the assistance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @k-lee ,
Is there any firewall device between the FGT and FMG?
On the FGT, please run the following CLI command to make sure that FGT can see FMG each other:
diagnose sniffer packet any 'port 541' 4
Jerry
