- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cannot ssh from FortiGate to Managed Switch
Hello. My FortiGates manages a bunch of FortiSwitches. My gates runs 7.0.5 and my switches are at 7.0.4. At one time I could right-click on a managed switch in FortiOS UI and choose Connect to cli, and a fresh ssh session would open. Now I get percent_expand: unknown key %H. I know I read about this problem in a release note somewhere and the fix was also listed. I can't find that article again for some reason. Has anyone else seen this and do you know the fix or can you send me the reference? Thanks!
- Labels:
-
FortiSwitch
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does this happen when you try connecting to CLI of all your switches or just one?
What happens if you right-click and select "Diagnostics & Tools" and then click the CLI Access tab? Same error?
Graham
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello. Its happening to all switches. If I follow your directions and click the CLI Access Tab I get the same result percent_expand: unknown key %H. Also, some switches in the UI show Diagnostics & Tools greyed out.
Ever heard of this before?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have not seen this before, no. Have you opened a ticket with TAC?
Graham
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Working with TAC. No solution yet.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Solved by TAC. When I upgraded to 7.0.5 on my gates, or maybe on an earlier upgrade, the following config got set:
config switch-controller global
set fips-enforce enable
Well FIPS can cause all sorts of issues and often breaks stuff. We set that to disabled, and while it took a little time to take effect, I no longer see that cryptic error. Whew!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Spoke too soon. While it appeared this was fixed, the problem returned the next day. Even with FIPS disabled! It's not a browser cache issue or anything like that. I've opened a fresh TAC case and referenced the last ticket. I'll bet this will have to go to development to investigate. So weird.
