Troubleshooting
Error messages in the FortiManager Integration App GUI and in the ServiceNow Application Logs indicate the problem and usually includes recommendations to correct the issue.
Connection issues
To troubleshoot connection issues between FortiManager and the FortiManager Integration App:
- In FortiManager, go to System Settings > Admin > Administrators.
- Click the account used for integration with the FortiManager Integration App and check that settings are correct.
- Check that you have set up JSON-RPC permission correctly.
- Go to the FortiManager Integration App System Properties.
- Check that the connection settings are correct, especially the domain name, port number, ADOMs, and API credentials.
See Configuring the FortiManager Integration App.
If connection settings are incorrect, the app displays an error message when you click Save.
- Check that you are using a supported version.
- Check that the connection settings are correct, especially the domain name, port number, ADOMs, and API credentials.
- Check that the FortiManager is missing a certificate, or if the certificate is incomplete. ServiceNow requires a trusted certificate on FortiManager to establish a secured connection.
- In ServiceNow, go to Application Log > Errors.
The following error may indicate the certificate is incomplete:
fileName:;line:0;errorMessage:org.apache.commons.httpclient.HttpException:SSLPeerUnverifiedException
- Use a third-party service such as digicert or sslshopper to identify the errors on the FortiManager side.
- In FortiManager, go to System Settings > Certificates, to fix the certificate errors, such as adding an intermediate CA certificate.
- In ServiceNow, go to Application Log > Errors.
The following error may indicate the certificate is incomplete:
Other issues
Issue |
Possible solutions |
---|---|
Cannot update FortiManager System Properties |
Check that your account has |
Cannot see FortiManager scripts in GUI selection menu |
Check that the script prefix is set correctly. |
Cannot see devices for a Policy Package script |
Check that the devices are in the FortiManager Installation Targets for the selected Policy Package. |
To view log message errors, go to ServiceNow, click All applications and search for System Log. Then select Application Logs.
In the App Log pane, check for errors. You can filter by keywords to search for messages.
Performance considerations
The following values have been tested. Higher values might work but have not been tested.
Maximum ADOMs |
5 |
Maximum FortiGates per ADOM |
100 |
Maximum policy packages per ADOM |
20 |
Maximum installation targets per policy package |
100 |
Maximum objects per ADOM |
20 schedules, 100 services, 800 addresses, 80 interfaces |