Solution | When the following error message appears:
FGT-Master# execute ha manage 0 admin
Connection closed by 169.254.0.1
This means the SSH connection between FGT-Master and FGT-Slave has a problem.
Check the packets on SSH port 22. FGT-Master will try to connect to FGT-Slave.
FGT-Save # diagnose sniffer packet any 'host 169.254.0.1 and tcp and port 22' 4 0 l
2026-05-14 10:31:56.371840 port_ha in 169.254.0.2.12562 -> 169.254.0.1.22: syn 3157829149
2026-05-14 10:31:56.371867 port_ha out 169.254.0.1.22 -> 169.254.0.2.12562: syn 3606865256 ack 3157829150
2026-05-14 10:31:56.371869 ha out 169.254.0.1.22 -> 169.254.0.2.12562: syn 3606865256 ack 3157829150
2026-05-14 10:31:56.371928 port_ha in 169.254.0.2.12562 -> 169.254.0.1.22: ack 3606865257
2026-05-14 10:31:56.372408 port_ha in 169.254.0.2.12562 -> 169.254.0.1.22: psh 3157829150 ack 3606865257
2026-05-14 10:31:56.372411 port_ha out 169.254.0.1.22 -> 169.254.0.2.12562: ack 3157829167
2026-05-14 10:31:56.372412 ha out 169.254.0.1.22 -> 169.254.0.2.12562: ack 3157829167
2026-05-14 10:31:56.373883 port_ha out 169.254.0.1.22 -> 169.254.0.2.12562: psh 3606865257 ack 3157829167
2026-05-14 10:31:56.373886 ha out 169.254.0.1.22 -> 169.254.0.2.12562: psh 3606865257 ack 3157829167
2026-05-14 10:31:56.373924 port_ha in 169.254.0.2.12562 -> 169.254.0.1.22: ack 3606865280
2026-05-14 10:31:56.374101 port_ha out 169.254.0.1.22 -> 169.254.0.2.12562: psh 3606865280 ack 3157829167
2026-05-14 10:31:56.374103 ha out 169.254.0.1.22 -> 169.254.0.2.12562: psh 3606865280 ack 3157829167
Check the sshd daemon on the target FortiGate.
FGT-Save # diagnose debug application sshd -1
Debug messages will be on for 30 minutes.
FGT-Save # diagnose debug enable
FGT-Save # SSH: This ip 169.254.0.2 is not blocked
SSH: fd 7 is not O_NONBLOCK
SSH: Forked child 14624.
SSH: Client protocol version 2.0; client software version xxxxxxx
SSH: no match: xxxxxxx
SSH: Enabling compatibility mode for protocol 2.0
SSH: Local version string SSH-2.0-ZhGaybq8BJ4kE
SSH: fd 7 setting O_NONBLOCK
SSH: Proposal: 0, Ciphers: 'diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,kex-strict-s-v00@openssh.com'
SSH: Proposal: 1, Ciphers: 'ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512,ssh-ed25519'
SSH: Proposal: 2, Ciphers: 'aes256-ctr,aes256-gcm@openssh.com'
SSH: Proposal: 3, Ciphers: 'aes256-ctr,aes256-gcm@openssh.com'
SSH: Proposal: 4, Ciphers: 'hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com'
SSH: Proposal: 5, Ciphers: 'hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com'
SSH: SSH2_MSG_KEXINIT sent
SSH: SSH2_MSG_KEXINIT received
|
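In the sshd debug output above, every Proposal line is labelled "Ciphers", but the index follows the SSH KEXINIT name-list order from RFC 4253: 0 is key exchange, 1 is host key, 2 and 3 are encryption, 4 and 5 are MAC. The Python below is an added example, not part of the original article or of any Fortinet tooling. It parses those lines and compares them with a constructed peer proposal (CLIENT is an assumption made for the example) to report which categories share no algorithm.

```python
import re

# KEXINIT name-list order (RFC 4253, section 7.1). The debug output labels every
# list "Ciphers", so the proposal index is what identifies each list.
CATEGORIES = ["kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c"]
# Strict-KEX markers are signalling flags, not negotiable key-exchange methods.
MARKERS = {"kex-strict-s-v00@openssh.com", "kex-strict-c-v00@openssh.com"}
PROPOSAL_RE = re.compile(r"SSH: Proposal: (\d+), Ciphers: '([^']*)'")

def parse_proposals(debug_text):
    """Map each 'SSH: Proposal: N' line to its category and algorithm list."""
    out = {}
    for idx, names in PROPOSAL_RE.findall(debug_text):
        if int(idx) < len(CATEGORIES):
            algs = [n for n in names.split(",") if n and n not in MARKERS]
            out[CATEGORIES[int(idx)]] = algs
    return out

def negotiate(server, client):
    """Per category, first client algorithm the server also lists (None = no overlap)."""
    return {cat: next((a for a in client.get(cat, []) if a in server.get(cat, [])), None)
            for cat in CATEGORIES}

def no_overlap(server, client):
    """Categories where the two sides share no algorithm."""
    return [cat for cat, alg in negotiate(server, client).items() if alg is None]

# The six Proposal lines from the debug output above.
SERVER_DEBUG = """\
SSH: Proposal: 0, Ciphers: 'diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,kex-strict-s-v00@openssh.com'
SSH: Proposal: 1, Ciphers: 'ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512,ssh-ed25519'
SSH: Proposal: 2, Ciphers: 'aes256-ctr,aes256-gcm@openssh.com'
SSH: Proposal: 3, Ciphers: 'aes256-ctr,aes256-gcm@openssh.com'
SSH: Proposal: 4, Ciphers: 'hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com'
SSH: Proposal: 5, Ciphers: 'hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com'
"""

# Constructed peer proposal (an assumption for the example, not from the page).
CLIENT = {
    "kex": ["curve25519-sha256@libssh.org", "diffie-hellman-group14-sha256"],
    "host_key": ["ssh-ed25519", "rsa-sha2-512"],
    "cipher_c2s": ["aes128-ctr"],  # deliberately absent from the server lists
    "cipher_s2c": ["aes128-ctr"],
    "mac_c2s": ["hmac-sha2-256"],
    "mac_s2c": ["hmac-sha2-256"],
}
if __name__ == "__main__":
    print(negotiate(parse_proposals(SERVER_DEBUG), CLIENT))
```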