Troubleshooting Tip: REST API calls to FortiNAC

cmaheu · ‎02-13-2023

Description

This article describes how to troubleshoot the behavior where errors are generated when accessing FortiNAC using REST API.

Example:

FortiNAC responds to API calls with 'cannot contact device with this IP Address'.

Scope

FortiNAC verison 8.x, 9.x.

Solution

1) Record API call submitted and response.

Example:

POST https://myfortiNAC.mydomain.com:8443/api/v2/device/snmp

body
{
"containerID": 1111,
"ipAddress": "10.10.10.10",
"snmpProtocol": "SNMPv3-AuthPriv",
"snmpUsername": "FortiNAC",
"snmpAuthenticationProtocol": "SHA1",
"snmpAuthenticationPassword": "< PASSWORD >",
"snmpPrivacyProtocol": "AES",
"snmpPrivacyPassword": "< PASSWORD >",
"cliCredentials": {
"userName": "svc.fortinac",
"password": "< PASSWORD >"
}
}

Response
{
"status": "error",
"errorMessage": "cannot contact device with this IP Address"
}

2) Enable debug. Log into the appliance CLI as root and type:

nacdebug -name RestServer true

3) Reproduce behavior.

4) Disable debug. Type:

nacdebug -name RestServer false

5) Retrieve system logs using grab-log-snapshot tool.

For instructions see the related KB article:

https://community.fortinet.com/t5/FortiNAC/Technical-Tip-How-to-Use-grab-log-snapshot/ta-p/190755

6) Open a support ticket and attach the following:

- FortiNAC version (x.x.x.x).

- Reason for running the specific API call (desired goal).

- Information attached in step 1.

- System logs.

Troubleshooting Tip: REST API calls to FortiNAC

You are leaving our website