Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rcpdkc
Contributor II

Created on ‎01-22-2024 05:02 AM

Fortinac Change L3 Devices

Hello, I am using fortinac-f version 7.2.5. I added my existing firewall as l3 device. I have access point devices under it. yesterday I replaced my existing firewall with a different model. since yesterday, when I add my username and password to the cli line from the credentials section in the interface, I get an error. the access point devices I saw before are no longer visible. although I press the clear known host button, nothing changes.nac_error1.PNGnac_error2.PNG

Labels:
2159
0 Kudos
20 REPLIES 20
AEK
SuperUser
SuperUser

Created on ‎01-22-2024 06:08 AM

  • First, try to connect with ssh from command line to your FGT
  • The configured user should be super admin or super admin RO
  • On your FGT remove pre and post-login banners then tey again 
AEK
AEK
1153
ebilcari
Staff
Staff

Created on ‎01-22-2024 06:38 AM

The error that suggest to check the file "/bsc/.ssh/known_hosts" is from old CentOS version of FNAC.

Since you are running NAC-OS check if the old fingerprint is present using this command:

# execute ssh-known-hosts show nac

and if it's present try to remove using this command:

# execute ssh-known-hosts remove-host nac 10.1.2.1
# Host 10.1.2.1 found: line 6
/bsc/.ssh/known_hosts updated.
Original contents retained as /bsc/.ssh/known_hosts.old

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1147
rcpdkc
Contributor II
In response to ebilcari

Created on ‎01-22-2024 10:48 PM

@ebilcari  

 

The codes you said work but I am using a different port number for ssh.

Output of the following code:

execute ssh-known-hosts show nac

fortinac3.PNG

I am applying this way by editing the command you gave me and the result is successful;

execute ssh-known-hosts remove-host nac [192.168.199.1]:2222

 

fortinac4.PNG

But the result is still the same and I get an error again when adding the firewall

nac_error1.PNG

 

 When I use a different ssh port, the problem is fixed.

 

 

 

 

1113
0 Kudos
AEK
SuperUser
SuperUser
In response to rcpdkc

Created on ‎01-22-2024 11:10 PM Edited on ‎01-22-2024 11:11 PM

Once you add the device (confirm even if not reachable), go to FortiNAC CLI and run the below command:

Device -setAttr -ip <device IP> -name SSH_Port -value 2222

Ref:  https://community.fortinet.com/t5/FortiNAC/Technical-Note-Modify-Telnet-and-SSH-port-settings-for-de...

 

Once done, comeback again to WebUI > Inventory > your device, and validate credentials again, to make sure it works.

AEK
AEK
1103
rcpdkc
Contributor II
In response to AEK

Created on ‎01-22-2024 11:46 PM Edited on ‎01-22-2024 11:57 PM

fortinac5.PNG

Are you sure you're working on Fortinac F?

1098
0 Kudos
AEK
SuperUser
SuperUser
In response to rcpdkc

Created on ‎01-23-2024 12:04 AM Edited on ‎01-23-2024 12:04 AM

That was on FortiNAC.

On F please try this way:

execute enter-shell

device -ip <device IP> -setAttr -name SSH_Port -value 2222

 

AEK
AEK
1084
rcpdkc
Contributor II
In response to AEK

Created on ‎01-23-2024 12:19 AM

It worked like this. I got an output but some information does not match, for example the snmp version.

1074
0 Kudos
AEK
SuperUser
SuperUser
In response to rcpdkc

Created on ‎01-23-2024 12:25 AM

Can you share more details about the error?

AEK
AEK
1067
ebilcari
Staff
Staff
In response to rcpdkc

Created on ‎01-23-2024 12:28 AM

I guess you are referring to this line after you run that command:

Name = SNMP_VERSION_ATTR value = 1

You can ignore this output, it will not cause any issue.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1060
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.