Hi,
I get errors when I want to add a device to FortiManager.
The devices are on the same network and have ICMP access to each other. All outputs are as follows. Why am I getting errors? Can you help me?
Manager # Request [dvm/cmd:dvm/cmd/discover/device ...:5825:2]:
{ "client": "dvm\/cmd:dvm\/cmd\/discover\/device ...:5825", "id": 2, "method": "exec", "params": [{ "data": { "host": "192.168.1.17", "passwd": "******", "usr": "admin"}, "target start": 1, "url": "probe\/device"}], "root": "deployment", "session": -1}
Chkperm Response [dvm/cmd:dvm/cmd/discover/device ...:5825:2]:
{ "id": 2, "result": [{ "status": { "code": 0, "message": "OK"}, "url": "probe\/device"}], "session": -1}
start_dmsvc_probe_device,788: dev_oid=0, host=192.168.1.17, flags=0x0
__enter_state,440: dev_oid=0, start check_reachable
Start probe_dev.check_reachable ...
__on_state,446: dev_oid=0, check_reachable, done, events=16 r=0
__enter_state,440: dev_oid=0, start start_probe_session
Request [dmserver:885:8]:
{ "client": "dmserver:885", "id": 8, "method": "exec", "params": [{ "data": { "detect_only": 0, "force_probe": 0, "ip": "192.168.1.17", "passwd": "******", "usr": "admin"}, "url": "start\/probe\/session"}], "root": "fgfm"}
Start probe_dev.start_probe_session ...
Response [unknown]:
{ "id": 8, "result": [{ "status": { "code": 1, "message": "internal error"}, "url": "start\/probe\/session"}]}
__on_state,446: dev_oid=0, start_probe_session, done, events=8 r=0
__fgfm_cb,619: error: probe_status=1, proto=1
__p_o_cleanup,548: cleanup...
__p_finish,539: status=-15, has_devinfo=0
Response [dvm/cmd:dvm/cmd/discover/device ...:5825:2]:
{ "id": 2, "result": [{ "status": { "code": -35007, "message": "Fgfm protocol error"}, "url": "probe\/device"}]}
__o_cleanup,119: fgfm probe cleanup...
Request [dvm/cmd:dvm/cmd/discover/device ...:5966:2]:
{ "client": "dvm\/cmd:dvm\/cmd\/discover\/device ...:5966", "id": 2, "method": "exec", "params": [{ "data": { "host": "192.168.1.17", "passwd": "******", "usr": "admin"}, "target start": 1, "url": "probe\/device"}], "root": "deployment", "session": -1}
Chkperm Response [dvm/cmd:dvm/cmd/discover/device ...:5966:2]:
{ "id": 2, "result": [{ "status": { "code": 0, "message": "OK"}, "url": "probe\/device"}], "session": -1}
start_dmsvc_probe_device,788: dev_oid=0, host=192.168.1.17, flags=0x0
__enter_state,440: dev_oid=0, start check_reachable
Start probe_dev.check_reachable ...
__on_state,446: dev_oid=0, check_reachable, done, events=16 r=0
__enter_state,440: dev_oid=0, start start_probe_session
Request [dmserver:885:9]:
{ "client": "dmserver:885", "id": 9, "method": "exec", "params": [{ "data": { "detect_only": 0, "force_probe": 0, "ip": "192.168.1.17", "passwd": "******", "usr": "admin"}, "url": "start\/probe\/session"}], "root": "fgfm"}
Start probe_dev.start_probe_session ...
Response [unknown]:
{ "id": 9, "result": [{ "status": { "code": 1, "message": "internal error"}, "url": "start\/probe\/session"}]}
__on_state,446: dev_oid=0, start_probe_session, done, events=8 r=0
__fgfm_cb,619: error: probe_status=1, proto=1
__p_o_cleanup,548: cleanup...
__p_finish,539: status=-15, has_devinfo=0
Response [dvm/cmd:dvm/cmd/discover/device ...:5966:2]:
{ "id": 2, "result": [{ "status": { "code": -35007, "message": "Fgfm protocol error"}, "url": "probe\/device"}]}
__o_cleanup,119: fgfm probe cleanup...
Regards,
Umit.
To start off, please follow this troubleshooting guide for FortiGate-FortiManager connections: https://community.fortinet.com/t5/FortiManager/Troubleshooting-Tip-How-to-troubleshoot-connectivity-...
From your sniffer packet snippet, I can see that the traffic from the FortiGate is egressing port1. Assuming that port1 is the interface that you reach FortiManager with, please ensure that you have 'FMG-Access' enabled in the port configuration's Administrative Access.
Hi,
The outputs are as follows.
The problem persists.
------------------------------------------------------------
Spokee # execute telnet 192.168.1.18 541
Trying 192.168.1.18...
Connected to 192.168.1.18.
Spokee # diagnose fdsm central-mgmt-status
Connection status: Down
Registration status: Unknown
Serial:
Spokee # 20
2024-06-04 10:55:22 FGFMs: client:send:
get ip
serialno=FGVMEVN7VT1RL55D
mgmtid=757398627
platform=FortiGate-VM64
fos_ver=700
minor=0
patch=15
build=632
branch=632
maxvdom=1
fg_ip=192.168.1.17
hostname=Spokee
harddisk=yes
biover=04000002
harddisk_size=30720
logdisk_size=30235
mgmt_mode=normal
enc_flags=0
first_fmgid=
probe_mode=yes
vdom=root
intf=port1
2024-06-04 10:55:22 FGFMs: serial no FMG-VMTM24008871 saved to FMG detect file
2024-06-04 10:55:23 FGFMs: Cleanup session 0xffceab0, 192.168.1.18.
2024-06-04 10:55:23 FGFMs: Destroy session 0xffceab0, 192.168.1.18.
2024-06-04 10:55:23 FGFMs: Create session 0xffceab0.
2024-06-04 10:55:23 FGFMs: setting session 0xffceab0 exclusive=0
2024-06-04 10:55:23 FGFMs: Connect to 192.168.1.18:541, local 192.168.1.17:1410.
2024-06-04 10:55:23 FGFMs: set_fgfm_sni SNI<support.fortinet-ca2.fortinet.com>
2024-06-04 10:55:23 FGFMs: Load Cipher [ALL:!RC4:!EXPORT:@STRENGTH]
2024-06-04 10:55:23 FGFMs: Cleanup session 0xffceab0, 192.168.1.18.
2024-06-04 10:55:23 FGFMs: Destroy session 0xffceab0, 192.168.1.18.
2024-06-04 10:55:23 FGFMs: __detect_fmg_create: start a new detect request(192.168.1.18)
2024-06-04 10:55:23 FGFMs: Create session 0xffcafe0.
2024-06-04 10:55:23 FGFMs: setting session 0xffcafe0 exclusive=0
2024-06-04 10:55:23 FGFMs: Connect to 192.168.1.18:541, local 192.168.1.17:6215.
2024-06-04 10:55:23 FGFMs: set_fgfm_sni SNI<support.fortinet-ca2.fortinet.com>
2024-06-04 10:55:23 FGFMs: Load Cipher [ALL:!RC4:!EXPORT:@STRENGTH]
2024-06-04 10:55:23 FGFMs: __handle_detect_fmg_req: detect session doesn't exist, start a new one
2024-06-04 10:55:23 FGFMs: before SSL initialization
2024-06-04 10:55:23 FGFMs: CA to broadcast: subject fortinet-subca2003, issuer fortinet-ca2
2024-06-04 10:55:23 FGFMs: CA to broadcast: subject support, issuer support
2024-06-04 10:55:23 FGFMs: CA to broadcast: subject fortinet-ca2, issuer fortinet-ca2
2024-06-04 10:55:23 FGFMs: CA to broadcast: subject fortinet-subca2001, issuer fortinet-ca2
2024-06-04 10:55:23 FGFMs: Broadcast 4 CA subject names to FMG
2024-06-04 10:55:23 FGFMs: SSLv3/TLS write client hello
2024-06-04 10:55:23 FGFMs: [__get_error:1052] error=5, errno=104,Connection reset by peer.
2024-06-04 10:55:24 FGFMs: Cleanup session 0xffcafe0, 192.168.1.18.
2024-06-04 10:55:24 FGFMs: Destroy session 0xffcafe0, 192.168.1.18.
2024-06-04 10:55:25 FGFMs: __detect_fmg_destroy_internal: send detect fmg resp for 192.168.1.18 to client
2024-06-04 10:55:25 FGFMs: __send_detect_fmg_response: sending detect fmg response to client succeeded
2024-06-04 10:55:25 FGFMs: __remove_detect_fmg: Removing detect fmg service
2024-06-04 10:55:25 FGFMs: Destroy stream_svr_obj
Hi Umit,
If your FMG CLI is able to enable the configuration below, please enable it.
# config system global
# set fgfm-peercert-withoutsn enable
# end
While adding the device from FMG, in your FGT CLI, please run the command below:
# exec central-mgmt register-device <FMG S/N> <password>
Hi,
Thank you for your help.
The set fgfm-peercert-withoutsn enable command solved my problem.
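A small triage helper for the FortiGate-side debug output in this thread, added here as an example and not part of any post or of Fortinet's tooling: it groups FGFMs lines into sessions and flags the pattern seen above, where TCP 541 connects but the peer resets right after the ClientHello. The function names and verdict labels are assumptions; the sample lines are excerpted from the output quoted in the thread.

```python
import re

# Excerpt of the FortiGate-side FGFMs debug output quoted in the thread above.
SAMPLE = """\
2024-06-04 10:55:23 FGFMs: Create session 0xffceab0.
2024-06-04 10:55:23 FGFMs: Connect to 192.168.1.18:541, local 192.168.1.17:1410.
2024-06-04 10:55:23 FGFMs: Destroy session 0xffceab0, 192.168.1.18.
2024-06-04 10:55:23 FGFMs: Create session 0xffcafe0.
2024-06-04 10:55:23 FGFMs: Connect to 192.168.1.18:541, local 192.168.1.17:6215.
2024-06-04 10:55:23 FGFMs: SSLv3/TLS write client hello
2024-06-04 10:55:23 FGFMs: [__get_error:1052] error=5, errno=104,Connection reset by peer.
2024-06-04 10:55:24 FGFMs: Destroy session 0xffcafe0, 192.168.1.18.
"""

CREATE = re.compile(r"Create session (0x[0-9a-f]+)")
DESTROY = re.compile(r"Destroy session (0x[0-9a-f]+)")
CONNECT = re.compile(r"Connect to (\S+:\d+), local")
ERRNO = re.compile(r"errno=(\d+)")
ECONNRESET = 104  # Linux errno value, as printed in the log


def parse_sessions(text):
    """Group FGFMs lines into sessions (a list, since session pointers get reused)."""
    sessions, cur = [], None
    for raw in text.splitlines():
        msg = raw.partition(" FGFMs: ")[2]  # empty string for non-FGFMs lines
        if c := CREATE.search(msg):
            cur = {"id": c.group(1), "peer": None, "stage": "created", "errno": None}
            sessions.append(cur)
        elif cur is None:
            continue  # line does not belong to an open session
        elif c := CONNECT.search(msg):
            cur["peer"], cur["stage"] = c.group(1), "tcp_connect"
        elif "write client hello" in msg:
            cur["stage"] = "client_hello_sent"
        elif c := ERRNO.search(msg):
            cur["errno"] = int(c.group(1))
        elif (c := DESTROY.search(msg)) and c.group(1) == cur["id"]:
            cur = None
    return sessions


def verdict(s):
    """Triage hint for one session (heuristic drawn from this thread only)."""
    if s["errno"] is None:
        return "no_socket_error"
    reset_in_handshake = s["stage"] == "client_hello_sent" and s["errno"] == ECONNRESET
    return "reset_after_client_hello" if reset_in_handshake else "socket_error"
```

A `reset_after_client_hello` verdict on a port that accepts TCP connections points at the TLS and peer-certificate stage rather than at routing or firewalling, which matches the fix confirmed in the thread.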