- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiManager: error while added a firewall
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiManager: error while added a firewall
Hi All,
I'm getting a error " Failed to retrieve configuration from device" when adding a new firewall @ 'Retrieving configuration'.
When I checked the events: "fgfm connection to device FGT-FWxxxx down" please referthe screenshot attached.
Thanks in advance !!!
Regards,
Sri
Warmest Regards,
Sri Sre
Warmest Regards, Sri Sre
Labels:
- Labels:
-
FortiManager
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sounds like the same issue you ran into about a year ago:
https://forum.fortinet.com/tm.aspx?m=137919
If the proper firmware path is not followed when upgrading, or if a factory reset is not done after downgrading, this can happen. The FortiGate is left with categories the FMG doesn't recognize as valid, and import fails.
The easiest way I have found to be able to see the actual error encountered is to have the FortiGate pre-registered first, and then add it.
1) Delete the FGT from FMG (if still present)
2) Configure the FGT to point to FMG
3) The FGT should show up as an unregistered device in the root ADOM on FMG
4) Go through the normal add process
5) During the config import when it fails you can drill down to see the error*
* IIRC though, it only shows you the first error encountered. Last time this happened to me, I ended up having to do it twice to catch both invalid categories.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Lukasz,
Thanks a lot for the response.
Sounds like the same issue you ran into about a year ago:
Yes but this time the case has no evidence to prove the error
1) Delete the FGT from FMG (if still present)
Delete it 2-3 times and tried
2) Configure the FGT to point to FMG
Done already, still no luck
3) The FGT should show up as an unregistered device in the root ADOM on FMG
I used to check root ADOM always, but this time it is not the case
4) Go through the normal add process
Yes added directly to the fortimanager and tried to send the add request from device too, still no luck
5) During the config import when it fails you can drill down to see the error*
this is the part I was refering that there is no error presented in the event logs / task manager (was looking for that web-filter error like last time)
Any idea how to fix it ?
Ticket has been raised with fortinet support.
Thanks in advance !!!
Regards,
Sridhar
Warmest Regards,
Sri Sre
Warmest Regards, Sri Sre
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sridharsre wrote:
this is the part I was refering that there is no error presented in the event logs / task manager (was looking for that web-filter error like last time)
Not the event logs or task manager, but in the window during the add process where it fails.
I've only seen it when I add an unregistered device from the root ADOM. I don't have a screenshot handy, but the window is different than the one you posted above. There is a little icon near where it says it failed. You end up having to drill-down through two little icons. Then I think you need to hover over where it shows the error - because you can't scroll over. But if you hover your mouse pointer over the error you should get a little pop-up window that shows the full text of the error - you need to manually write it down.
Barring that, if you are able, you may want to factory default the FortiGate and re-configure it manually.
Hope that helps, good luck!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
seems FMG tunnel access to FGT has some problem
what is FMG and FGT version?
can you enable below debug on FMG and FGT when add device?
FMG: diagnose debug application fgfmsd 255
FGT: diagnose debug application fgfmd 255
and on FGT, also check for get system central-management
Thanks
Simon
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Lukasz,
Thanks for the Information. As I tried multiple times, now only the device added to root ADOM.
Hi Simon,
tried as you said, no output came and gets the right results of fortimanager for "get system central-management" in the fortigate. no luck :(
Fortigate: v5.2.4,build688 (GA)
FortiManager: v5.4.2-build151 161213 (GA)
Thanks in advance !!!
Regards,
Sridhar
Warmest Regards,
Sri Sre
Warmest Regards, Sri Sre
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tried as you said, no output came
-- forgot to say, need to do "diag debug enable" first
and gets the right results of fortimanager for "get system central-management" in the fortigate
-- so you see correct FMG SN in the result?
thanks
Simon
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I have the same problem, any solution?
Related Posts
- Import Firewall Policies from CLI or... 38 Views
- Two different websites (domains) on two... 91 Views
- access problems towards vpn s2s 160 Views
- Ran a script to create IP... 84 Views
- Automatically Ban Malicious Inbound IPs using... 227 Views
Labels
-
FortiGate
6,520 -
FortiClient
1,300 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
240 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
83 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.