k-lee
New Contributor

Unable to add FortiGate to FortiManager

Hi all,

 

I am attempting to build a Fortinet Lab. I have a FortiGate version 7.6.1 and FortiManager 7.6.2. Both devices are using trial licenses. 

 

When attempting to add the FortiGate to the Manager, I am getting a "probe failed" error. 

 

On the FortiGate I have FMG-Access selected, and I configured the ENC-algorithm to default.

[screenshot: image.png]


On the FortiManager I configured ENC-algorithm to low and fgfm-ssl-protocol to sslv3.

 

When attempting to add the FortiGate to the FortiManager from the FortiGate Security Fabric -> Fabric Connectors, I get the below error:

[screenshot: image.png]

 

Any assistance will be greatly appreciated.

1 Solution
ametkola
Staff

Hello @k-lee ,

 

What is the current firmware version of FortiManager? If you are running v7.2.5, you can perform the following changes:

config system global
set fgfm-peercert-withoutsn enable
end

 

Reference article >> https://docs.fortinet.com/index.php/document/fortimanager/7.2.5/release-notes/519207

 

Regards,

ametkola

 

k-lee
New Contributor

Hi ametkola,

 

I am running version 7.6.2 FortiManager. 

funkylicious
SuperUser

Hi,

Please have a look at https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-solve-the-error-message-Could... and see if it solves your issue.

"jack of all trades, master of none"
k-lee

Hi funkylicious,

 

I also came across this post, but I am running FortiManager 7.6.2. 

 

I ran these commands from the post but still no luck.

set schedule-config-restore disable
set schedule-script-restore disable

 
funkylicious

From the commands, don't focus on those but on the rest.

You could try to do an unset for all the existing params configured on the FortiGate and try setting the FMG again, along with the command that @ametkola suggested, which is also present in the link.

"jack of all trades, master of none"
k-lee

I tried the unset of all params.

[screenshot: image.png]

 

I also tried the "set fgfm-peercert-withoutsn enable" however the command doesn't seem to be available on version 7.6.2 of FortiManager.

[screenshot: image.png]

 

 
funkylicious

I see.

You are quite the pioneer exploring the 7.6 release so we might need to dig through the documentation for it.

Have a look at https://docs.fortinet.com/document/fortimanager/7.6.2/release-notes/519207/special-notices - Custom certificate name verification for FortiGate connection 

"jack of all trades, master of none"
k-lee

I have decided to do the lab with FortiManager 7.2.5 and FortiGate 7.2.5.

 

I will continue to try with 7.6.2 sometime in the near future. 

 

Thanks all for the assistance.

 
dingjerry_FTNT

Hi @k-lee ,

 

Is there any firewall device between the FGT and FMG?

 

On the FGT, please run the following CLI command to make sure that the FGT and FMG can see each other:

 

diagnose sniffer packet any 'port 541' 4

Regards,

Jerry