Provisioning FortiGate to FortiManager Cloud self-diagnosis
The following provides self-diagnosis instructions for a scenario where you have provisioned a FortiGate to FortiManager Cloud, FortiZTP shows that the provisioning succeeded, but the FortiGate does not appear on FortiManager Cloud.
To self-diagnose this scenario:
- In the FortiOS CLI, check that the central management type is set to FortiGuard:
config system central-management show end
- Check the Anycast status:
config system fortiguard show end
- Check the network connection. Do one of the following:
- If Anycast is enabled, enter the following:
execute ping globallogctrl.fortinet.net
- If Anycast is disabled, enter the following:
execute ping logctrl1.fortinet.com
If ping succeeds, enter the following:
telnet <IP address resolved above> 443
If telnet succeeds, go to the next step.
- If Anycast is enabled, enter the following:
- Attempt connection to FortiGate Cloud:
execute fortiguard-log domain
diagnose debug application forticldd -1 diagnose debug enable execute fortiguard-log join
diagnose fdsm contract-controller-update
Ensure that ‘HomeServer’ returned is a valid FortiDeploy server IP address. If it is 192.168.0.1, that means the device is not properly connected to FortiGate Cloud, and you must rerun the join request or run a login request in CLI:
execute fortiguard-log login <email> <password>
- Check the network connection to the FortiDeploy server:
execute telnet <FortiDeploy server IP address> 541
- Ensure that the management tunnel is established:
diagnose debug application fgfmd -1 diagnose debug enable fnsysctl killall fgfmd
-
Check that FortiManager Cloud pushed a setting script to FortiGate. After FortiManager Cloud pushes the script to FortiGate, central management should be set to FortiManager:
config system central-management
show
end
-
Check the network connection to FortiManager Cloud:
execute ping fortimanager.forticloud.com
If the results of all steps are as expected but the FortiGate still does not show up on FortiManager Cloud, contact the FortiManager Cloud team for further investigation.