Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
heng
Staff
Staff

Created on ‎08-27-2023 11:29 PM Edited on ‎08-27-2023 11:30 PM By Community Manager

Article Id 270616

Technical Tip: Login failed when importing a Web Filter Profile from FortiManager into FortiClient EMS

Description This article describes how to identify when login failed in importing a Web Filter Profile from FortiManager into FortiClient EMS.
Scope FortiManager, FortiClient EMS.
Solution

When importing the Web Filter profile with a login, a fail error is seen in the FortiClient EMS. Such an error will be visible as the below screenshot when importing initially or syncing the web filter profile in the FortiClient EMS GUI -> Endpoint Profiles -> Web Filter -> Import -> Import from FortiGate/FortiManager:

 

image.png

In the FortiClient EMS server, it is possible to navigate to the debug log file in C:\Program Files (x86)\Fortinet\FortiClientEMS\Fcm\logs to further identify. Sample of failed login log in the debug log:

 

2023-08-28 10:42:01,525 INFO request_handler POST /api/v1/forti_products/FortiManager/profiles/pull admin 10.47.4.66 Default application/json manual
2023-08-28 10:42:04,562 ERROR errors Traceback (most recent call last):
File ".\fcm\fcm\decorators\errors.py", line 29, in handle_errors
File ".\fcm\fcm\decorators\api_prep.py", line 82, in inner
File ".\fcm\fcm\decorators\api_prep.py", line 80, in inner
File ".\fcm\fcm\controllers\forti_product_controller.py", line 102, in pull_profiles
File ".\fcm\fcm\models\forti_product\forti_manager.py", line 59, in connect
File ".\fcm\fcm\models\forti_product\forti_manager.py", line 247, in _get_result
fcm.models.forti_product.forti_product.FortiProduct.Error: Login fail

 

In FortiManager, it is possible to check under the system event logs as well as the alert message console in the dashboard for the login error:

 

image.png

 

The possible causes are as follows, 

 

  • Issue: FortiClient EMS is set with the wrong credential when performing the import.
  • Solution: Fix by setting with the correct password. 

 

image.png

 

  • Issue: FortiManager does not have the user admin created. 
  • Solution: Create the user admin in the FortiManager. 

 

image.png

 

  • Issue: The user admin created in FortiManager's JSON API Access permission is not set to read-write.  
  • Solution: Fix by setting the JSON API Access with the read-write permission.

 

image.png

 

  • Issue: FortiManager interface Administrative Access is not enabled with HTTPS.
  • Solution: Fix by enabling the HTTPS under the Administrative Access under the interface. 

 

image.png

 

  • Issue: The trusted hosts for the created user admin do not allow access from the FortiClient EMS as the source IP address.
  • Solution: Fix by adding the FortiClient EMS source IP address in the trusted hosts. 

 

image.png

 

  • Issue: FortiManager is set with a custom HTTPS port number rather than the default port TCP/443. 
  • Solution: Fixed by an IP: Port format setting in FortiClient EMS.

 

    config system admin setting
      set https_port 5433
    end

         

image.png
605
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.