| Description |
This article discusses config error sync issues due to Fortiswitch access (Fortiswitch on FortiLink mode) 'Rest API login failed with error 28', |
| Scope | FortiSwitch. |
| Solution |
When a Fortiswitch is controlled by a FortiGate, it sends information to FortiSwitch through Rest API. FortiGate needs to have admin access to FortiSwitch. This access is done by HTTPS.
FortiSwitch needs to have at least HTTPS enabled on its internal interface to allow be controlled by FortiGate. If it is disabled disable, It is possible to get the next error with the command 'get-sync-status'.
'Rest API login failed with error 28' means that FortiGate could not log in to FortiSwitch through its rest API. To fix this, enable HTTPS on FortiSwitch's internal interface manually either SSH or console interfaces.
config system interface edit "internal" set allowaccess ping https ssh next end
This error may also be seen after modifying the HTTPS port on FortiSwitch. This happens because FortiGate attempts to contact the FortiSwitch through https tcp port 443. See this article.
Another cause of the issue could be the trusthost configuration on the FortiSwitch. Check the below output on the FortiSwitchCLI and remove the trusthost config OR add the FotiGate subnet.
FSW# show full-config system admin |
