If Auvik is unable to authenticate to a FortiGate device using the FortiOS REST API, you can use the Discovery Troubleshooting workflow to identify which requirement is preventing successful communication.
To access troubleshooting:
- Open the device from the Device Dashboard.
- Hover over Discovery in the entity navigation menu.
- Click Troubleshooting.
Auvik verifies four requirements before a device can be successfully authenticated using the FortiOS REST API.
Step 1: Verify the Device Is Managed
Auvik can only collect data from devices that are managed.
If the device is currently unmanaged:
- Click Re-enable Management.
- Change the management status from Unmanaged to Managed.
- Click Save.
Step 2: Verify Device API Credentials Are Assigned
Auvik requires Fortinet REST API credentials to communicate with the device.
If credentials already exist:
- Verify that the credentials are assigned to the correct device.
- Confirm the credentials are active and not disabled.
For more information, see How do I edit or delete device API credentials?
If credentials do not exist:
- Create a new Fortinet device API credential.
- Assign the credential to the affected device.
For more information, see How do I add Fortinet device API credentials?
Note: If multiple API credentials exist within Auvik, verify that the correct credential is associated with the device.
Step 3: Verify the FortiOS REST API Is Accessible
The REST API administrator account must have sufficient permissions for Auvik to collect device information.
Verify the Admin Profile Permissions
- Log in to the FortiGate.
- Navigate to System > Admin Profiles.
- Edit the admin profile associated with the API administrator account.
Verify the following permissions are configured:
- Firewall → Custom → Address → Read
- Network → Custom → Configuration → Read
- Network → Router → Read
- System → Custom → Configuration → Read
- WiFi & Switch Controller → Read
- Click OK to save any changes.
Verify the API Administrator Configuration
- Navigate to System > Administrators.
- Edit the REST API administrator associated with the API token.
Verify the following:
- The administrator is assigned to the correct admin profile.
- The administrator account is enabled.
- The API token is active.
- HTTPS administrative access is enabled on the interface used by the Auvik collector.
- The collector IP address is included in the Trusted Hosts list.
For Trusted Hosts, use the collector IP address in CIDR notation. For example:
192.168.1.10/32Tip: If Trusted Hosts are configured incorrectly, the FortiGate may reject API requests even when the credentials are valid.
Step 4: Verify the Device API Credentials
The REST API administrator profile must have sufficient permissions to allow Auvik to retrieve device information.
To verify the profile:
- Navigate to System > Admin Profiles.
- Create a new profile or edit an existing profile.
Verify the following settings:
- System Configuration = Read/Write
- All remaining permissions = Read
- REST API Access = Enabled
- Click OK to save the profile.
Additional Validation
If authentication continues to fail:
- Verify the API token was copied correctly into Auvik.
- Confirm the API token has not been regenerated or revoked.
- Verify the collector can reach the FortiGate over HTTPS (TCP 443 by default).
- Confirm there are no firewall policies blocking management access.
- Verify the FortiGate's administrative interface allows HTTPS access.
- Confirm the FortiGate firmware version is supported by Auvik.
Authentication Successful
Congratulations! The device has been successfully authenticated using the FortiOS REST API.
Auvik will begin collecting available device information, including:
- Device inventory details
- Interface information
- Routing configuration
- Firewall object information
- Performance and status data
Depending on the polling interval, newly collected information may take several minutes to appear in the dashboard.