Technical Tip: How to add a Fortinet FortiManager in vRealize Network Insight

Requirement:

FortiManager admin user must have:

1. Access to all ADOMs and policy packages.
2. JSON API read-write access.

FortiManager:

1. To create a new admin user through the FortiManager GUI:
   Navigate to FortiManager GUI -> System Settings -> Admin -> Administrator -> Create New -> Enter the details.
   Note: Make sure the Administrative Domain is All ADOMs, and the JSON API access is Read-Write.

2. To create a new admin user through the FortiManager CLI:

config system admin user

edit fmg-vrealize

set rpc-permit read-write

set profileid Super_User

set password fortinet

end

vRealize Network Insight

See the vRealize Network Insight documentation for steps on how to add a FortiManager.

Troubleshooting tips (for invalid credentials):

1. Run the following CLI commands in FortiManager-CLI:

diagnose debug application auth 255
diagnose debug enable

2. Proceed to validate again from vRealize
3. Verify the FortiManager debug output message:

Sample output (success)
FMG-VM64-KVM # diagnose debug application auth 255
FMG-VM64-KVM # diagnose debug enable
s3303: auth request: user=fmg-vrealize from=JSON(10.47.48.182)
s3303: found admin: fmg-vrealize
s3303: start local: fmg-vrealize
s3303:fmg-vrealize: success
s3303: auth result: success

Sample output (Denied)
FMG-VM64-KVM # diagnose debug application auth 255
FMG-VM64-KVM # diagnose debug enable
s3303: auth request: user=fmg-vrealize from=JSON(10.47.48.182)
s3303: found admin: fmg-vrealize
s3303: start local: fmg-vrealize
s3303:fmg-vrealize: denied
s3303: auth result: denied

Related documents:

Add a Fortinet FortiManager - VMware vRealize Network Insight documentation.