Adding FortiManager to Aria Operations for Networks as datasource fails with error Fortinet FortiManager: Something went wrong, please contact support.
Article ID: 395098
Updated On:
Products
Issue/Introduction
Adding FortiManager to Aria Operations for Networks as datasource fails with error Fortinet FortiManager: Something went wrong, please contact support.
Error is seen when validate is attempted. Refer to error screenshot as below:
Collector appliance logs at location /var/log/arkin/collector shows below error/exceptions:
2025-03-28T16:32:06.501Z WARN core.common.DataProviderFactory collector-process-msg-exec-351 validateCredentials:495 Connection validation for FORTINET initiated with config: _collectorId:I6FUY7AL#######0GZR4THT1R
HOST:https://fortimanager_IP_address_FQDN
USER:<username>
PWD:_______
dpId:FORTINET_fortimanager_IP_address_FQDN
ENCRYPTED_CONFIG:true
2025-03-28T16:32:06.502Z INFO dataprovider.southbound.AbstractDPConnectionEntity collector-process-msg-exec-351 isCertValidationEnabled:141 FeatureManager check false
2025-03-28T16:32:06.502Z INFO storage.config.FeatureSetCache collector-process-msg-exec-351 getFeatureSetsfromKeyVal:135 Getting Editions from KeyVal
2025-03-28T16:32:06.502Z INFO storage.config.FeatureSetCache collector-process-msg-exec-351 getFeatureSetsfromKeyVal:138 No license edition for system cid
2025-03-28T16:32:06.503Z INFO fortinet.southbound.FortinetApiClient collector-process-msg-exec-351 <init>:119 Fortinet Page limit set to 100
2025-03-28T16:32:06.503Z INFO dataprovider.southbound.AbstractDPHttpsConnectionEntity_ClosableHttpClientWrapper NSXT_nsxt-mgrl-bby.vcontrol.sfu.ca_Config_OpMgr_Policy-0 checkRateLimit:466 time spent to acquire permits 0.035729 for path /policy/api/v1/infra/realized-state/realized-entities
2025-03-28T16:32:06.510Z ERROR fortinet.southbound.FortinetConnectionEntity collector-process-msg-exec-351 isAlive:43 Error while logging in
javax.net.ssl.SSLHandshakeException: null
at sun.security.ssl.Alert.createSSLException(Alert.java:131) _[_:_]
2025-03-28T16:32:45.072Z ERROR fortinet.southbound.FortinetConnectionEntity collector-process-msg-exec-351 isAlive:43 Error while logging in
com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: <_DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
2025-03-28T16:32:45.072Z WARN common.utils.CommonUtils collector-process-msg-exec-351 logException:2678 Connection not alive for: FORTINET
java.lang.Exception: null
at com.vnera.dataproviders.core.common.DataProviderFactory.validateCredentials(DataProviderFactory.java:540) _[dataproviders-0.001-SNAPSHOT.jar:_]
at com.vnera.dataproviders.core.common.DataProviderFactory.validateCredentials(DataProviderFactory.java:470) _[dataproviders-0.001-SNAPSHOT.jar:_]
at com.vnera.collector.core.engine.SaasCommandProcessor.processMessage(SaasCommandProcessor.java:372) _[collector-0.001-SNAPSHOT.jar:_]
at com.vnera.collector.core.saascommunication.SaasListener.lambda_receiveMessage_0(SaasListener.java:116) _[collector-0.001-SNAPSHOT.jar:_]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [_:_]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [_:_]
at java.util.concurrent.ThreadPoolExecutor_Worker.run(ThreadPoolExecutor.java:635) [_:_]
at java.lang.Thread.run(Thread.java:840) [_:_]
Caused by: com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: <_DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
Caused by: com.vnera.dataproviders.core.common.impl.dataprovider.southbound.exceptions.CustomCertificateException
at com.vnera.dataproviders.core.common.impl.dataprovider.security.ssl.CustomTrustManager.checkServerTrusted(CustomTrustManager.java:129) _[dataproviders-0.001-SNAPSHOT.jar:_]
at com.vnera.dataproviders.core.common.impl.dataprovider.security.ssl.CustomTrustManager.checkServerTrusted(CustomTrustManager.java:75) _[dataproviders-0.001-SNAPSHOT.jar:_]
at sun.security.ssl.CertificateMessage_T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) _[_:_]
... 36 more
Curl command with jsonrpc is failing with 400 bad request, refer to screenshot below:
Environment
Aria Operations for Networks 6.10.0
Aria Operations for Networks 6.11.0
Aria Operations for Networks 6.12.0
Aria Operations for Networks 6.12.1
Aria Operations for Networks 6.13.0
Aria Operations for Networks 6.14.0
Cause
It appears that there is some special configuration for jsonrpc which either is blocked or not configured correctly.
This is what is needed as while adding Fortinet manager to Aria Operations for Networks as this API with jsonrpc is used to manage the device.
Resolution
This is not issue with Aria Operations for Networks product as when using postman with same API and that also failed with same error 400 Bad Request as seen on curl command.
Refer to below screenshot:
To resolve this issue:
1. You need to work and open support ticket with Fortinet support to see if there is a different kind of configuration needed for jsonrpc and if yes it needs to configured that way.
2. This configuration could be on the GUI of the Fortinet manger or could be done via the CLI. Get more clarify on how this is done and Fortinet support should be able to share the right procedure.
3. Once this configuration is done correctly on the Fortinet manger side, then you can attempt to add Fortinet manger via Aria Operations for Networks GUI and it should allow you to add it.
Feedback
