Description
This article describes how to troubleshoot AWS/Azure Fabric connector issue in FortiManager.
AWS will be used as example
Solution
Run the debug below if Fabric connector fail to get information:
# diagnose debug service cdb 255
# diagnose debug service cmdb 255
# diagnose debug service dvmcmb 255
# diagnose debug service dvmdb 255
# diagnose debug service fazconf 255
# diagnose debug service main 255
# diagnose debug service sys 255
# diagnose debug service task 255
# diagnose debug application connector 255
# diagnose debug timestamp enable
# diagnose debug enable
Error Message: -1 AWS was not able to validate the provided access.
Possible error message in debug will show as below:
Solution.
Below information will be exactly the same in AWS and FortiManager Fabric connector:
-AWS access key ID.
-AWS secret access key.
-AWS region name.
-AWS VPC ID.
-AWS secret access key.
-AWS region name.
-AWS VPC ID.
Error Message: -2 Import objects from Amazon web services fail.
Solution.
If credential is correct but still FortiManger dynamic object showing error 'import objects from Amazon Web services fail', check at upstream unit if any block.
If credential is correct but still FortiManger dynamic object showing error 'import objects from Amazon Web services fail', check at upstream unit if any block.
If FortiGate or any other firewall present at upstream end, then in upstream device try to create test policy with Source FortiManger and destination all and service all for testing then check if dynamic object working fine.
If after creating test policy Fabric connector working fine.
If still facing issue, contact Fortinet TAC with above debug file.
Related Articles
