Skip to main content
FortiMilan
FortiMilan
New Member
May 19, 2025
Question

SNMP connect succeeded.However device failed to connect using CLI credentials.Device either does not

  • May 19, 2025
  • 2 replies
  • 1600 views

Hi,

I'm encountering an issue when trying to add a FortiGate device to FortiNAC; the process fails with the error mentioned in the subject line. However, I am able to successfully establish an SSH connection from the FortiNAC to the FortiGate via the CLI.

I have Created an API admin and genereted the key, where it is used?

 

Could you please assist in troubleshooting this?NAC.png

 

This article didnt help to solve my issue

 

 

Thank you in advance!"

2 replies

funkylicious
SuperUser
funkylicious
SuperUser
May 19, 2025

have you configured and enabled snmp on the fgt ?

L.E. i've misread the issue. irc you just need a admin user+password , not a api user w/ key and w/o enable password, unless it's a device that need enable/escalation.

"jack of all trades, master of none"
    FortiMilan
    FortiMilanAuthor
    New Member
    May 19, 2025

    Thank you for your response. I'm using the firewall administrator's username and password, and I can successfully log in to the FortiGate via the FNAC CLI. However, I encounter the error when attempting to add the device to FNAC.

    I’ve configured SNMP on FG and enabled it on the relevant interface, but it still isn’t working.

    funkylicious
    SuperUser
    funkylicious
    SuperUser
    May 19, 2025

    i would just make sure to leave out/empty the enable password field, since on FGTs you dont need to send enable command/elevate with a password like Cisco or Arista.

     

    i would then double check that the port for ssh is the default one and not a custom one then do a Validate Credentials with a debug open on FGT side.

    "jack of all trades, master of none"
      ebilcari
      Staff
      ebilcari
      Staff
      May 20, 2025

      The API can be configured like shown in this section of the guide, but this is optional and does improve performance but may not be related to this issue.

      Which FGT model are you trying to add and is it automatically modeled or did you choose a similar version like shown here: Technical Tip: Add a Device in Topology Using an Existing Model

      The CLI credentials validation doesn't check only the credentials, FNAC has to connect via SSH and get valid information. Make sure you are using the same IP on FGT for configurations and tests.

      Emirjon
        Terms & ConditionsAccessibility statement