Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bmduncan33
New Contributor II

Created on ‎09-27-2022 05:35 AM

Cannot ssh from FortiGate to Managed Switch

Hello.  My FortiGates manages a bunch of FortiSwitches.  My gates runs 7.0.5 and my switches are at 7.0.4.  At one time I could right-click on a managed switch in FortiOS UI and choose Connect to cli, and a fresh ssh session would open.  Now I get percent_expand: unknown key %H.  I know I read about this problem in a release note somewhere and the fix was also listed.  I can't find that article again for some reason.  Has anyone else seen this and do you know the fix or can you send me the reference?  Thanks!

Labels:
1064
0 Kudos
6 REPLIES 6
gfleming
Staff
Staff

Created on ‎09-27-2022 03:24 PM

Does this happen when you try connecting to CLI of all your switches or just one?

 

What happens if you right-click and select "Diagnostics & Tools" and then click the CLI Access tab? Same error?

Cheers,
Graham
1049
0 Kudos
bmduncan33
New Contributor II
In response to gfleming

Created on ‎09-27-2022 04:10 PM

Hello.  Its happening to all switches.  If I follow your directions and click the CLI Access Tab I get the same result percent_expand: unknown key %H.  Also, some switches in the UI show Diagnostics & Tools greyed out. 

 

Ever heard of this before?

1045
0 Kudos
gfleming
Staff
Staff
In response to bmduncan33

Created on ‎09-27-2022 04:19 PM

I have not seen this before, no. Have you opened a ticket with TAC?

Cheers,
Graham
1044
0 Kudos
bmduncan33
New Contributor II
In response to gfleming

Created on ‎09-28-2022 04:47 PM

Working with TAC.  No solution yet.  

1022
bmduncan33
New Contributor II
In response to gfleming

Created on ‎09-29-2022 11:15 AM

Solved by TAC.  When I upgraded to 7.0.5 on my gates, or maybe on an earlier upgrade, the following config got set:

 

config switch-controller global
set fips-enforce enable

 

Well FIPS can cause all sorts of issues and often breaks stuff.  We set that to disabled, and while it took a little time to take effect, I no longer see that cryptic error.  Whew!

1008
0 Kudos
bmduncan33
New Contributor II
In response to bmduncan33

Created on ‎10-01-2022 09:43 AM

Spoke too soon.  While it appeared this was fixed, the problem returned the next day.  Even with FIPS disabled!  It's not a browser cache issue or anything like that.  I've opened a fresh TAC case and referenced the last ticket.  I'll bet this will have to go to development to investigate.  So weird.

972
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.