Hot!Unable to add a model device by serial number (But Success when using Discover and PSK)

Author
microivans
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/06/13 14:14:33
  • Status: offline
2020/06/13 14:28:16 (permalink)
0

Unable to add a model device by serial number (But Success when using Discover and PSK)

Hi guys,
 
I am testing add new FGTs on FMG. Here are the model I am using:
 
FMG-VM64-KVM6.2.5 and FortiOS-VM64-KVM 6.2.3. Both are Free Trial.
 
I have tried to use Discover Wizzard and PSK to add FGTs, they are working fine. But when I use the SN number. It's failed.
 
Debug information shown on FMG:
 
Request:
{ "client": "dmserver:548", "id": 384, "method": "exec", "params": [{ "data": { "device": 134, "force": 0}, "target start": 3, "url": "start\/tunnel"}], "root": "fgfm"}
FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:send:
put auth
user=admin
passwd=******

FGFMs(FOSVM1RLGAWWG0A3-134-192.168.236.100): server:
reply 501
request=auth

Response:
{ "id": 384, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
Response:
{ "id": 384, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
 
 
Has anyone encounter same issue before. I am guessing the admin password on FMG mismatches with that on FGT. But I already try several time to modify the password. Still same result.
 
Here are some of me reference links:
 
https://docs.fortinet.com/document/fortimanager/6.2.0/administration-guide/615344/adding-a-model-device
https://kb.fortinet.com/kb/documentLink.do?externalID=FD48001
https://forum.fortinet.com/m/tm.aspx?m=177241&p=2
 
My current configuration:
 
FMG:
 
FMG-VM64-KVM # show system global
config system global
set adom-status enable
set enc-algorithm low
set fgfm-ssl-protocol tlsv1.0
set usg enable
end
 
FGT:
 
TEST # show system central-management
config system central-management
set type fortimanager
set fmg "192.168.236.99"
set fmg-source-ip 192.168.236.100
set enc-algorithm default
end
#1

3 Replies Related Threads

    neonbit
    Expert Member
    • Total Posts : 559
    • Scores: 72
    • Reward points: 0
    • Joined: 2013/07/02 21:39:52
    • Location: Dark side of the moon
    • Status: offline
    Re: Unable to add a model device by serial number (But Success when using Discover and PSK 2020/06/14 06:36:39 (permalink)
    0
    I have a feeling that the FMG won't let you add the FGT VM trial SN to the device. By trial I'm assuming you're talking about a brand new VM with no license loaded?
     
    I'd recommend you request a 60day trial license for the FGT, it will provide it with a real SN which should work.
    #2
    microivans
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/06/13 14:14:33
    • Status: offline
    Re: Unable to add a model device by serial number (But Success when using Discover and PSK 2020/06/14 12:38:42 (permalink)
    0
    neonbit
    I have a feeling that the FMG won't let you add the FGT VM trial SN to the device. By trial I'm assuming you're talking about a brand new VM with no license loaded?
     
    I'd recommend you request a 60day trial license for the FGT, it will provide it with a real SN which should work.




    Thanks neonbit for the advice. Yes I haven't load any licence to the FGT. Let me try it and update here.
    #3
    microivans
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/06/13 14:14:33
    • Status: offline
    Re: Unable to add a model device by serial number (But Success when using Discover and PSK 2020/11/29 20:37:03 (permalink)
    0
    Just found the answer.
     
    By default, FMG will use username admin and empty password to build up the FGFM tunnel. But if you login to FGT to add basic config, you are forced to change the default (empty) password. To method to solve the issue:
     
    1. Use USB to load basic config.
    2. Create another super user on FGT and delete the password of user 'admin'.
    #4
    Jump to:
    © 2021 APG vNext Commercial Version 5.5