Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connect-FGT #294

Open
DigitalNightmare opened this issue Jan 29, 2025 · 3 comments
Open

Connect-FGT #294

DigitalNightmare opened this issue Jan 29, 2025 · 3 comments

Comments

@DigitalNightmare
Copy link

DigitalNightmare commented Jan 29, 2025
edited by alagoutte
Loading

I don't 100% know if this is an issue with the latest version. But when i

connect-fgt -server iphere -apitoken apitokenhere

tried the api key in double quotes as well.

I get a message saying im entering either incorrect credentials or am not connecting from a trusted host.
The API Key I copied directly from the FortiGate im connecting to, so i know it is correct.

The Trusted hosts i've left blank and tested i still am unable to connect.
The Trusted hosts have also been filled out with /24 networks from which i connect from. This is the error i get.

`Authentication failure. Wrong token or not a Trusted Host.
At C:\Program Files\WindowsPowerShell\Modules\powerfgt\0.9.0\Public\Connection.ps1:331 char:17
+ ...             throw "Authentication failure. Wrong token or not a Trust ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Authentication ...a Trusted Host.:String) [], RuntimeException
    + FullyQualifiedErrorId : Authentication failure. Wrong token or not a Trusted Host.

`

I am wondering if I am just doing something wrong while connecting.
@alagoutte
Copy link
Contributor

Hi @DigitalNightmare

Don't fortget to set -SkipCertificateCheck ? (if you are using the IP Address of Fortigate)

What powershelle version ? and FortiGate release ?

What the API configuration ?

With credential it is working ?

@DigitalNightmare
Copy link
Author

Hello @alagoutte

I did use the -SkipCertificateCheck as well yes.

PowerShell Version: 5.1.22621.4391
FortiGate OS Version: 7.4.6 build 2726 (mature)
API configuration: API Token is being used. The profile that it is connected to allows

Access Permissions:
Address: Read
Firewall: Custom
Network: Custom
Network Configuration: Read
Router: Read
System: Custom
System Configuration: Read
Wi-Fi & Switch: Read
Permit Usage of CLI Commands: Disable <--- might be the issue?

I tried with credentials: It does not work either. I will try to open this up to read for all things in the access permissions, and turn on the permit usage of CLI commands. One at a time and report back what i find out.

@alagoutte
Copy link
Contributor

Hi,

the module don't use CLI/SSH but API (HTTPS)

Do you are using standard port for Admin ? (you need to use -port)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alagoutte @DigitalNightmare