• Matt Sherif

Troubleshooting a device that won't add to FortiManager

I was working in the lab this morning and wanting to build an ADVPN infrastructure with real FortiGates (VMware server is running out of room, figure I can offload where I can).


I added my FortiGates to FortiManager, and when I went to authorize, they all succeeded save for one, I got this message:



Curious, I wasn't sure what to make of this. So I decided to check the CLI Reference Guide to see what CLI tools were available to figure this out. I came across this one:


diagnose test deploymanager reloadconf <devid>

Hmmm interesting - this seems to effectively be the same as "retrieve config" from the GUI. But I need the device ID, ok, I know this one:


diagnose dvm device list

This is what I got:

Note the OID - in this case our device is ID 381

Ok cool, so now I can run the deploymanager test:


Now I think I found my issue, but I don't fully understand the output. A little digging with colleagues led me to think this is the bit of FortiGate config that is causing FortiManager to choke. So I decided to look at this on the FortiGate in question:


show firewall internet-service-name

Hmmmm... well this is certainly an issue, this FortiGate is running a near base config, with only the WAN IPs, gateway, and SD-WAN configured. I have seen blank entries in the ISDB cause other issues in the past, so it's probably a good idea to delete this.


Attempt #1:

Well, it was worth a shot. Dang it!


Attempt #2:


What I did here was just export the config, open it in my favorite text editor and delete the offending entry. I then restored the config and rebooted the FortiGate.


Upon reboot, I double checked the ISDB again:

Hooray! it's gone! Ok, now to retrieve the config from FMG:

Great! FortiManager is happy now.



Takeaway:


If you're having trouble retrieving the config from a FortiGate, take a look at the diagnose commands above, they may be able to help you identify where there's an issue in your config.


Hopefully this helps. Thank you for reading.

48 views

Recent Posts

See All