Hi guys,
I am testing adding new FGTs on FMG. Here are the models I am using:
FMG-VM64-KVM6.2.5 and FortiOS-VM64-KVM 6.2.3. Both are Free Trial.
I have tried to use the Discover Wizard and PSK to add FGTs, and they are working fine. But when I use the SN number, it fails.
Debug information shown on FMG:
Request:
{ "client": "dmserver:548", "id": 384, "method": "exec", "params": [{ "data": { "device": 134, "force": 0}, "target start": 3, "url": "start\/tunnel"}], "root": "fgfm"}
FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:send:
put auth
user=admin
passwd=******
FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:
reply 501
request=auth
Response:
{ "id": 384, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
Response:
{ "id": 384, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
Has anyone encountered the same issue before? I am guessing the admin password on FMG mismatches with that on FGT. But I have already tried several times to modify the password. Still the same result.

Here are some of my reference links:

https://docs.fortinet.com/document/fortimanager/6.2.0/administration-guide/615344/adding-a-model-dev...
https://kb.fortinet.com/kb/documentLink.do?externalID=FD48001
https://forum.fortinet.com/m/tm.aspx?m=177241&p=2
My current configuration:
FMG:
FMG-VM64-KVM # show system global
config system global
    set adom-status enable
    set enc-algorithm low
    set fgfm-ssl-protocol tlsv1.0
    set usg enable
end
FGT:
TEST # show system central-management
config system central-management
    set type fortimanager
    set fmg "192.168.236.99"
    set fmg-source-ip 192.168.236.100
    set enc-algorithm default
end
I have a feeling that the FMG won't let you add the FGT VM trial SN to the device. By trial I'm assuming you're talking about a brand new VM with no license loaded?
I'd recommend you request a 60-day trial license for the FGT; it will provide it with a real SN which should work.
neonbit wrote: I have a feeling that the FMG won't let you add the FGT VM trial SN to the device. By trial I'm assuming you're talking about a brand new VM with no license loaded?
I'd recommend you request a 60-day trial license for the FGT; it will provide it with a real SN which should work.
Thanks neonbit for the advice. Yes, I haven't loaded any licence to the FGT. Let me try it and update here.
Just found the answer.
By default, FMG will use username admin and an empty password to build up the FGFM tunnel. But if you log in to the FGT to add basic config, you are forced to change the default (empty) password. Two methods to solve the issue:
1. Use USB to load basic config.
2. Create another super user on FGT and delete the password of user 'admin'.