FortiMilan
New Contributor

SNMP connect succeeded.However device failed to connect using CLI credentials.Device either does not

Hi,

I'm encountering an issue when trying to add a FortiGate device to FortiNAC; the process fails with the error mentioned in the subject line. However, I am able to successfully establish an SSH connection from the FortiNAC to the FortiGate via the CLI.

I have created an API admin and generated the key; where is it used?

Could you please assist in troubleshooting this?

This article didn't help to solve my issue.

Thank you in advance!

funkylicious
SuperUser

have you configured and enabled snmp on the fgt?

L.E. i've misread the issue. iirc you just need an admin user+password, not an api user w/ key and w/o enable password, unless it's a device that needs enable/escalation.

"jack of all trades, master of none"
FortiMilan

Thank you for your response. I'm using the firewall administrator's username and password, and I can successfully log in to the FortiGate via the FNAC CLI. However, I encounter the error when attempting to add the device to FNAC.

I’ve configured SNMP on FG and enabled it on the relevant interface, but it still isn’t working.

funkylicious

i would just make sure to leave out/empty the enable password field, since on FGTs you don't need to send enable command/elevate with a password like Cisco or Arista.

i would then double check that the port for ssh is the default one and not a custom one then do a Validate Credentials with a debug open on FGT side.

"jack of all trades, master of none"
FortiMilan

I have left the enable password empty, still didn't work.

I have checked the port: "admin-ssh-port : 22".
Using this credential I can access the FortiGate in the FortiNAC CLI,

so I think the issue is any of these

ebilcari
Staff

The API can be configured like shown in this section of the guide, but this is optional and does improve performance but may not be related to this issue.

Which FGT model are you trying to add and is it automatically modeled or did you choose a similar version like shown here: Technical Tip: Add a Device in Topology Using an Existing Model

The CLI credentials validation doesn't check only the credentials; FNAC has to connect via SSH and get valid information. Make sure you are using the same IP on FGT for configurations and tests.

- Emirjon