FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 191992
Description
The following symptoms are experienced:
  • The SSH connection works if established through the FortiNAC CLI.
  • Testing CLI credential validation through the Administration UI fails, as do other functions that require the CLI method (VLAN switching, L2/L3 poll, etc.).

This behavior can occur if devices are using Diffie-Hellman (DH) key size values larger than 2048.

Log entry example from a Cisco switch:
%SSH-3-DH_RANGE_FAIL: Client DH key range mismatch with minimum configured DH key on server

Scope
Version: 8.8.x

Solution
Workaround: Set the DH key size on the devices to 2048.

Cisco command example:
# ip ssh dh min size 2048

Solution: Addressed in version 9.1.
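
A fleet check for the condition described above, as an added example that is not part of the original article or of any Fortinet tooling: it flags switches whose configuration sets `ip ssh dh min size` above 2048 or whose syslog contains `%SSH-3-DH_RANGE_FAIL`. The syslog line layout (timestamp, hostname, message), the hostnames and the config snippets are constructed assumptions.

```python
import re
from collections import Counter

FNAC_MAX_DH = 2048  # per the article, larger device minimums break 8.8.x CLI access

# Assumed collector layout: "<timestamp> <hostname> <message>"
DH_FAIL = re.compile(r"^\S+\s+(?P<host>\S+)\s+.*%SSH-3-DH_RANGE_FAIL:")
DH_MIN = re.compile(r"^\s*ip ssh dh min size (\d+)\s*$", re.M)

def dh_range_failures(log_lines):
    """Count DH_RANGE_FAIL events per reporting switch."""
    hits = (DH_FAIL.match(line) for line in log_lines)
    return Counter(m.group("host") for m in hits if m)

def configured_dh_min(config_text):
    """Return the configured minimum DH size, or None if the command is absent."""
    found = DH_MIN.findall(config_text)
    return int(found[-1]) if found else None  # a later command overrides an earlier one

def audit(configs, log_lines):
    """Map hostname -> details for every switch that needs the workaround."""
    failures = dh_range_failures(log_lines)
    report = {}
    for host in sorted(set(configs) | set(failures)):
        bits = configured_dh_min(configs.get(host, ""))
        if failures[host] or (bits is not None and bits > FNAC_MAX_DH):
            report[host] = {"dh_min": bits, "failures": failures[host]}
    return report

# Constructed sample data, not taken from a real network
MSG = "Client DH key range mismatch with minimum configured DH key on server"
SAMPLE_LOG = [
    f"2024-03-03T10:15:02Z sw-access-01 %SSH-3-DH_RANGE_FAIL: {MSG}",
    f"2024-03-03T10:15:09Z sw-access-01 %SSH-3-DH_RANGE_FAIL: {MSG}",
    "2024-03-03T10:16:40Z sw-core-02 %SYS-5-CONFIG_I: Configured from console",
    f"2024-03-03T10:17:11Z sw-edge-04 %SSH-3-DH_RANGE_FAIL: {MSG}",
]
SAMPLE_CONFIGS = {
    "sw-access-01": "hostname sw-access-01\nip ssh version 2\nip ssh dh min size 4096\n",
    "sw-core-02": "hostname sw-core-02\nip ssh version 2\nip ssh dh min size 2048\n",
    "sw-dist-03": "hostname sw-dist-03\nip ssh version 2\n",
}

if __name__ == "__main__":
    for host, info in audit(SAMPLE_CONFIGS, SAMPLE_LOG).items():
        print(f"{host}: dh_min={info['dh_min']} failures={info['failures']}")
```

A switch that logs the failure but has no saved config in the input (sw-edge-04 in the sample) is still reported, with `dh_min` left as `None`.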


ID 0687077
