Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rcpdkc
Contributor II

Fortinac Change L3 Devices

Hello, I am using FortiNAC-F version 7.2.5. I added my existing firewall as an L3 device. I have access point devices under it. Yesterday I replaced my existing firewall with a different model. Since yesterday, when I add my username and password to the CLI line from the credentials section in the interface, I get an error. The access point devices I saw before are no longer visible. Although I press the "clear known host" button, nothing changes.

[screenshots: nac_error1.PNG, nac_error2.PNG]

rcpdkc

[screenshot: fortinac6.PNG]

The error persists.

ebilcari

As far as I know, what is shown in that article is for older versions of FNAC that didn't have the option of custom port configuration from the GUI; now that is available, so the CLI command is not needed anymore.

I searched internally and there is no reported issue related to using custom SSH ports. Is there any port forwarding configured in between FGT-FNAC or any SSH inspection rule in any firewall in between?

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
AEK

@rcpdkc, what do you get now when you click "Validate Credentials"?

AEK
ebilcari

I did a test with FNAC 7.2.5 and FGT 7.2.6 (VM) and it can successfully validate credentials on port 2222, so we can assume that there is no problem with FNAC. It may be something in your network that causes this failure.

testi.PNG

CLI output:

fnacf # execute ssh-known-hosts show nac
[10.1.2.1]:2222 ssh-ed25519 AAAAC3Nzxxxxxxxxxxxx

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
rcpdkc

The error persists in the same way. I think the problem here is that there is still information from the old device.

[screenshot: nac_error1.PNG]
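Added example, not code from the thread or from Fortinet: the stale-information hypothesis above can be checked by parsing known-hosts lines in the OpenSSH format FortiNAC-F printed earlier ("[host]:port keytype base64key", or a bare host meaning port 22) and comparing the pinned key for 10.1.2.1:2222 with the key the replacement firewall presents. All keys below are constructed sample values, and unhashed entries are assumed.

```python
"""Flag stale SSH known-hosts entries after a device replacement.

Known-hosts lines are parsed in the OpenSSH format FortiNAC-F prints:
"[host]:port keytype base64key" for non-default ports, or
"host keytype base64key" for port 22. Hashed (|1|...) entries are
out of scope for this example.
"""
import re
from typing import Dict, Optional, Tuple

Entry = Tuple[str, str]            # (key type, base64 key)
HostPort = Tuple[str, int]         # (host, port)

_LINE = re.compile(
    r"^(?:\[(?P<bhost>[^\]]+)\]:(?P<port>\d+)|(?P<host>\S+))\s+"
    r"(?P<ktype>\S+)\s+(?P<key>\S+)"
)

# Constructed sample: the entry pinned while the old firewall was in place.
KNOWN_HOSTS_SAMPLE = (
    "[10.1.2.1]:2222 ssh-ed25519 AAAAC3NzOLDDEVICEconstructed\n"
    "10.1.2.1 ssh-rsa AAAAB3NzRSAconstructed\n"
)
# Constructed sample: key the replacement firewall now presents on 2222.
NEW_DEVICE_KEY: Entry = ("ssh-ed25519", "AAAAC3NzNEWDEVICEconstructed")


def parse_known_hosts(text: str) -> Dict[HostPort, Entry]:
    """Map (host, port) -> (keytype, key); bare hosts default to port 22."""
    entries: Dict[HostPort, Entry] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue                       # ignore malformed lines
        if m.group("bhost"):
            where: HostPort = (m.group("bhost"), int(m.group("port")))
        else:
            where = (m.group("host"), 22)
        entries[where] = (m.group("ktype"), m.group("key"))
    return entries


def check_entry(entries: Dict[HostPort, Entry], host: str, port: int,
                presented: Entry) -> str:
    """'match', 'stale' (pinned key belongs to the old device) or 'unknown'."""
    stored: Optional[Entry] = entries.get((host, port))
    if stored is None:
        return "unknown"
    return "match" if stored == presented else "stale"
```

A "stale" result for [10.1.2.1]:2222 means the pinned key still belongs to the replaced device and must be cleared before credential validation can succeed.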

AEK

  • Do you have pre- and post-login banners on your FortiGate? If so, please disable them and retry
  • On FortiGate use diag snif to check if FortiNAC-F is trying to connect to FortiGate on the right port
AEK
rcpdkc
Contributor II

I solved the problem by changing the port. thanks for your help.

ebilcari

Thank you for the feedback. You changed it back to default (22); can you tell whether this was a FGT limitation or a FNAC issue?

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
rcpdkc

I gave a different port number; I think it's a bug in FortiNAC. When I give the default port (22) or any other port, there is no problem. However, the problem occurs when I use port 2222, which I used on the device I replaced.

arocchi
Staff

I had exactly the same behaviour, but changing the SSH port to 22 didn't solve it. On my FortiNAC, the problem was that HTTPS was disabled and the API connector (model configuration) couldn't connect to the FortiGate.

Andrea Rocchi