akawade
Staff
Article Id 197318

Description

 

This article provides information on how to prevent the 'Probe failed' error which sometimes appears while adding a FortiGate to FortiManager.

 

Scope

 

FortiGate, FortiManager.

Solution

 

The generic 'Probe Failed' message can appear for several different reasons and in different situations, including the following:

 

  • The FortiGate to be added is already present on FortiManager as unregistered.
  • The admin credentials used to add the unit are incorrect.
  • 'fgfm-access' is not enabled on the 'mgmt' interface.
  • There are connectivity problems preventing the FortiManager from reaching the FortiGate.
  • The FortiOS version on the FortiGate is not supported by the FortiManager.

 

Check the following to prevent the error from occurring:

 

  • The FortiGate has to be registered in the support portal.
  • Enable 'fgfm-access' on the connecting interface and disable it on other, unused interfaces.
  • The FortiManager IP has to be entered correctly.
  • Set the 'enc-algorithm' from default to high on the FortiGate.

An SSL connection can be configured between the two units and an encryption level can be selected.

Use the following CLI commands to configure the connection:

 

config system central-management   
    set enc-algorithm {default | high | low}
end

 

The 'default' setting automatically enables the high and medium encryption algorithms.
The algorithms used for high, medium, and low follow the OpenSSL definitions:

 

  • High: key lengths larger than 128 bits, and some cipher suites with 128-bit keys.
  • Medium: key strengths of 128-bit encryption.
  • Low: key strengths of 64- or 56-bit encryption algorithms, excluding export cipher suites.
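
The prevention checklist above can also be verified offline against a FortiGate configuration backup. The following Python audit is an added example, not part of the original article or any Fortinet tooling. The sample configuration, interface names and addresses are constructed; 'fgfm-access' is read as `fgfm` in an interface's `allowaccess` list, and a backup with no `enc-algorithm` line is assumed to be using `default`.

```python
# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set allowaccess ping https ssh fgfm
    next
    edit "port2"
        set allowaccess ping fgfm
    next
end
config system central-management
    set fmg "192.0.2.10"
end
"""

def section(config, name):
    """Body lines of a top-level 'config <name>' block; nested config/end pairs are tracked."""
    body, depth = [], 0
    for s in map(str.strip, config.splitlines()):
        if depth:
            depth += s.startswith("config ") - (s == "end")
            if depth:
                body.append(s)
        elif s == f"config {name}":
            depth = 1
    return body

def fgfm_interfaces(config):
    found, iface = [], None
    for s in section(config, "system interface"):
        if s.startswith("edit "):
            iface = s[5:].strip('"')
        elif s.startswith("set allowaccess ") and "fgfm" in s.split()[2:]:
            found.append(iface)
    return found

def audit(config, conn_if, fmg_ip):
    """Check the article's prevention items; return a list of findings."""
    cm = dict(s.split(None, 2)[1:] for s in
              section(config, "system central-management") if s.startswith("set "))
    enabled = fgfm_interfaces(config)
    findings = [] if conn_if in enabled else [f"fgfm not enabled on {conn_if}"]
    findings += [f"fgfm enabled on unused interface {i}"
                 for i in enabled if i != conn_if]
    if cm.get("fmg", "").strip('"') != fmg_ip:
        findings.append("FortiManager IP (fmg) missing or wrong")
    # Assumption: a backup that omits enc-algorithm is using 'default'.
    if cm.get("enc-algorithm", "default") != "high":
        findings.append("enc-algorithm is not set to high")
    return findings
```

Calling `audit(SAMPLE_CONFIG, "port1", "192.0.2.10")` reports the extra FGFM exposure on port2 and the non-high encryption level; an empty list means the checked items match the recommendations.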

 

Additionally, it is recommended to check the following debug logs on the FortiManager side:

 

diagnose debug reset
diagnose debug disable
diagnose debug application depmanager 0
diagnose debug application depmanager 255
diagnose debug enable


Next, check if adding the FortiGate to FortiManager is possible and authorize the unit on FortiManager.

If the issue still persists, restart the 'fgfm process' and test again.
If that does not resolve it, reboot the FortiGate and check again.
If the issue still persists afterwards, perform a flash format on the FortiGate and load the firmware to test it. See the related article below.

Related article:

Technical Tip: FortiGate Flash Format process.