Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
k-lee
New Contributor

Unable to add FortiGate to FortiManager

Hi all,

 

I am attempting to build a Fortinet Lab. I have a FortiGate version 7.6.1 and FortiManager 7.6.2. Both devices are using trial licenses. 

 

When attempting to add the FortiGate to the Manager, I am getting a "probe failed" error. 

 

On the FortiGate I have FMG-Access selected, I configured the ENC-algorithm to default

image.png

 

On the FortiManager I configured ENC-algorithm to low and fgfm-ssl-protocol sslv3

 

When attempting to add the FortiGate to the FortiManager from the FortiGate Security Fabric -> Fabric Connectors I get the below error

image.png

 

Any assistance will be greatly appreciated

 
 
1 Solution
ametkola
Staff
Staff

Hello @k-lee ,

 

Which is the current firmware version of FortiManager ? If you are running in v7.2.5 you can perform the following changes :

config system global
set fgfm-peercert-withoutsn enable
end

 

Reference article >> https://docs.fortinet.com/index.php/document/fortimanager/7.2.5/release-notes/519207

 

Regards,

ametkola

 

View solution in original post

15 REPLIES 15
ametkola
Staff
Staff

Hello @k-lee ,

 

Which is the current firmware version of FortiManager ? If you are running in v7.2.5 you can perform the following changes :

config system global
set fgfm-peercert-withoutsn enable
end

 

Reference article >> https://docs.fortinet.com/index.php/document/fortimanager/7.2.5/release-notes/519207

 

Regards,

ametkola

 

k-lee
New Contributor

Hi ametkola,

 

I am running version 7.6.2 FortiManager. 

Preview
 
 
 
 
 
Thedream

Dear i've the same issue with 7.2.10

funkylicious
SuperUser
SuperUser

Hi,

Please have a look at, https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-solve-the-error-message-Could... and see if it solves your issue.

"jack of all trades, master of none"
"jack of all trades, master of none"
k-lee

Hi funkylicious,

 

I also came across this post, but I am running FortiManager 7.6.2. 

 

I did the these commands from the post but still no luck.

set schedule-config-restore disable
set schedule-script-restore disable

 
funkylicious

From the commands, don't focus on those but on the rest.

You could try and do a unset for all the existing params configured on the FortiGate and try setting the FMG again along the command that @ametkola suggested and is also present in the link.

"jack of all trades, master of none"
"jack of all trades, master of none"
k-lee

I tried the unset of all parms

image.png

 

I also tried the "set fgfm-peercert-withoutsn enable" however the command doesn't seem to be available on version 7.6.2 of FortiManager.

image.png

 

 
funkylicious

I see.

You are quite the pioneer exploring the 7.6 release so we might need to dig through the documentation for it.

Have a look at https://docs.fortinet.com/document/fortimanager/7.6.2/release-notes/519207/special-notices - Custom certificate name verification for FortiGate connection 

"jack of all trades, master of none"
"jack of all trades, master of none"
k-lee

I have decided to do the lab with FortiManager 7.2.5 and FortiGate 7.2.5.

 

I will continue to try with 7.6.2 sometime in the near future. 

 

Thanks all for the assistance.

 
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors