Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Umesh
Contributor

Created on ‎08-22-2025 03:15 AM

Unable to register Fortigate with Fortimanager

Dear All,

I tried a lot but unable to register Fortigate with Fortimanager.

 

Please note that I am using Fortigate Version: FortiGate-VM64-KVM v7.0.3,build0237,211207 (GA) and Fortimanager Version : v7.2.10-build1682 250211 (GA).

 

FMG ========================================

Fortigate to Fortimanager reachability is fine.

FMG # execute ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: seq=0 ttl=255 time=2.953 ms
64 bytes from 192.168.10.1: seq=1 ttl=255 time=3.292 ms
64 bytes from 192.168.10.1: seq=2 ttl=255 time=3.024 ms
64 bytes from 192.168.10.1: seq=3 ttl=255 time=2.750 ms

--- 192.168.10.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 2.750/3.004/3.292 ms

FMG #

FMG # config system global

(global)# show
config system global
set enc-algorithm low
set hostname "FMG"
set ssl-protocol tlsv1.0
set usg enable
end

(global)#

 

===========================================================

 Fortigate

==========================================================

FGT (global) # show
config system global
set alias "FortiGate-VM64-KVM"
set hostname "FGT"
set ssl-min-proto-version TLSv1
set timezone 04
end

FGT (global) #

FGT (central-management) # show
config system central-management
set type fortimanager
set fmg "192.168.10.2"
set fmg-source-ip 192.168.10.1
end

FGT (central-management) #

 

Debug logs =====================================on Fortimanager

FMG # diagnose debug application fgfm 255
fgfmsd debug filter: disable

FMG # diagnose debug enable

FMG # FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.
^CFGFMs(probing...): Create session 0x559e27f17330.
FGFMs(probing...): Incoming 192.168.10.1 local 192.168.10.2.
FGFMs: Load Cipher [ALL:-NULL:-aNULL:@STRENGTH]
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 error
FGFMs: ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.
FGFMs(probing...): Connection was interrupted. sockevents[-1] sslerr[-7]
FGFMs(probing...): Cleanup session 0x559e27f17330, 192.168.10.1.
FGFMs(probing...): Destroy session 0x559e27f17330, 192.168.10.1.


FMG #FMG setting.png

 

 

The moment I click on Ok then I got popup like Waiting for management confirmation from FortiManager administrator. Once confirmed full control of this FortiGate will be granted to at 192.168.10.2.

 

Then I click on OK button. after few seconds automatically Fortigate firewall gets logout.

 

 

Please help me to resolve the issue.

 

 

 

 

 

 

 

Labels:
293
0 Kudos
8 REPLIES 8
Umesh
Contributor

Created on ‎08-22-2025 05:03 AM

SSL handshak failure between fortimanager and Fortigate.png

 

 

I found SSL handshake failure, Need your suggestion

280
0 Kudos
ozkanaltas
Valued Contributor III

Created on ‎08-22-2025 05:24 AM

Hello Umesh,

 

Do your FortiGate and FortiManager have a valid license? Or are they just having an eval license?

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
272
0 Kudos
Umesh
Contributor
In response to ozkanaltas

Created on ‎08-26-2025 01:39 AM

Hi ozkanaltas,

 

No, Both fortigate and Fortimanger are evaluation license only.

 

and both are registered with support portal.

 

Can you please tell me why I am not able to registered fortigate with Fortimanager.

 

you can see that getting SSL handshake error while capturing the packet capture.

 

your answer would be much applicable.

 

thanks 

 

 

187
0 Kudos
ozkanaltas
Valued Contributor III
In response to Umesh

Created on ‎08-27-2025 04:30 AM

Hi @Umesh ,

 

The problem might be related to the trial license. Fortigate trial versions have a lower SSL level.

 

You might want to try this. As far as I can see, your Fortigate version is 7.0. Could you try installing Fortigate with a 7.2 version as well?

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
144
0 Kudos
gstefou
New Contributor III

Created on ‎08-23-2025 04:28 AM

Hi umesh, 

 

There's an option for FMG-Access on the interface you have the FMG connected to, i have seen that creating some weird problems when it's not enabled.

If your FMG is setup outside your network, you need to check this option on your internet faced interface (WAN). 

 

Can you provide some insights on the way you have the FMG connected on your firewall ? 

218
0 Kudos
Umesh
Contributor
In response to gstefou

Created on ‎08-26-2025 01:41 AM

No Fortigate is directly connected with fortimanger then also it is not getting registered.

 

FYI -  Both fortigate and Fortimanger are evaluation license only.

 

 

 

185
0 Kudos
gstefou
New Contributor III
In response to Umesh

Created on ‎08-27-2025 01:54 AM Edited on ‎08-27-2025 02:12 AM

Do you have the FMG-Access enabled on the interface the fortimanager is connected to ? You may need to enable the Fortinet Security Fabric option. 

 

The evaluation license should be enough for you to connect the Firewall with ForitManager. 

Found this article on the web that may help you -> https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiManager-VM-Trial-License-and-Forti...

 

Note that when you connect your FGT to FMG, you need to connect to your FMG and authorize the Firewall from the Root ADOM you have created. 

Do you mind sharing a screenshot of the FMG when trying to connect the Firewall ?  

159
0 Kudos
omis
New Contributor

Created on ‎08-29-2025 11:09 AM

I have the same issue.

even though I configured both fortimanager and fortigate to use TLSV1, but Foortimanager for some reason keeps trying to establish connection with TLSV1.3 which you can see in the logs :
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,643: TLSv1.3 before SSL initialization
FGFMs: ssl_proto.c,743: TLSv1 write fatal alert: protocol version
FGFMs: ssl_proto.c,758: TLSv1 errorFGFMs:

ssl_proto.c,__get_error,1510, error=1, errno=0,Success, ssl=enc mismatch.

104
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.