Provisioning FortiGate to FortiManager Cloud self-diagnosis

The following provides self-diagnosis instructions for a scenario where you have provisioned a FortiGate to FortiManager Cloud, FortiZTP shows that the provisioning succeeded, but the FortiGate does not appear on FortiManager Cloud.

To self-diagnose this scenario:
  1. In the FortiOS CLI, check that the central management type is set to FortiGuard:

    config system central-management
    show
    end

  2. Check the Anycast status:

    config system fortiguard
    show
    end

  3. Check the network connection. Do one of the following:
    1. If Anycast is enabled, enter the following:
      execute ping globallogctrl.fortinet.net

    2. If Anycast is disabled, enter the following:
      execute ping logctrl1.fortinet.com

    If ping succeeds, enter the following:

    telnet <IP address resolved above> 443

    If telnet succeeds, go to the next step.

  4. Attempt connection to FortiGate Cloud:

    execute fortiguard-log domain

    diagnose debug application forticldd -1
    diagnose debug enable
    execute fortiguard-log join

    diagnose fdsm contract-controller-update

    Ensure that the ‘HomeServer’ value returned is a valid FortiDeploy server IP address. If it is 192.168.0.1, the device is not properly connected to FortiGate Cloud, and you must rerun the join request or run a login request in the CLI:

    execute fortiguard-log login <email> <password>

  5. Check the network connection to the FortiDeploy server:

    execute telnet <FortiDeploy server IP address> 541

  6. Ensure that the management tunnel is established:

    diagnose debug application fgfmd -1
    diagnose debug enable
    fnsysctl killall fgfmd

  7. Check that FortiManager Cloud pushed a setting script to FortiGate. After FortiManager Cloud pushes the script to FortiGate, central management should be set to FortiManager:

    config system central-management
    show
    end

  8. Check the network connection to FortiManager Cloud:

    execute ping fortimanager.forticloud.com

If the results of all steps are as expected but the FortiGate still does not show up on FortiManager Cloud, contact the FortiManager Cloud team for further investigation.
