• Matt Sherif

Troubleshooting a device that won't add to FortiManager

I was working in the lab this morning and wanting to build an ADVPN infrastructure with real FortiGates (VMware server is running out of room, figure I can offload where I can).


I added my FortiGates to FortiManager, and when I went to authorize, they all succeeded save for one, I got this message:



Curious, I wasn't sure what to make of this. So I decided to check the CLI Reference Guide to see what CLI tools were available to figure this out. I came across this one:


diagnose test deploymanager reloadconf <devid>

Hmmm interesting - this seems to effectively be the same as "retrieve config" from the GUI. But I need the device ID, ok, I know this one:


diagnose dvm device list

This is what I got:

Note the OID - in this case our device is ID 381

Ok cool, so now I can run the deploymanager test:


Now I think I found my issue, but I don't fully understand the output. A little digging with colleagues led me to think this is the bit of FortiGate config that is causing FortiManager to choke. So I decided to look at this on the FortiGate in question:


show firewall internet-service-name

Hmmmm... well this is certainly an issue, this FortiGate is running a near base config, with only the WAN IPs, gateway, and SD-WAN configured. I have seen blank entries in the ISDB cause other issues in the past, so it's probably a good idea to delete this.


Attempt #1:

Well, it was worth a shot. Dang it!


Attempt #2:


What I did here was just export the config, open it in my favorite text editor and delete the offending entry. I then restored the config and rebooted the FortiGate.


Upon reboot, I double checked the ISDB again:

Hooray! it's gone! Ok, now to retrieve the config from FMG:

Great! FortiManager is happy now.



Takeaway:


If you're having trouble retrieving the config from a FortiGate, take a look at the diagnose commands above, they may be able to help you identify where there's an issue in your config.


Hopefully this helps. Thank you for reading.

88 views