Not getting any response from fortigate using fortios drtiver
asifiqbal opened this issue · comments
In [1]: from napalm import get_network_driver
In [2]: driver = get_network_driver('fortios')
In [3]: device = driver('192.168.228.5', 'admin', None)
In [4]: device.open()
But ssh to the device works just fine
$ ssh -l admin 192.168.228.5 get sys status
FGVM010000054408 # Version: FortiGate-VM64 v5.2.6,build0711,160129 (GA)
Virus-DB: 16.00560(2012-10-19 08:31)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 5.00555(2014-10-07 01:21)
IPS-ETDB: 0.00000(2001-01-01 00:00)
Serial-Number: FGVM010000012345
Botnet DB: 1.00000(2012-05-28 22:51)
License Status: Valid
VM Resources: 1 CPU/1 allowed, 970 MB RAM/2048 MB allowed
BIOS version: 04000002
Log hard disk: Available
Hostname: FGVM010000012345
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 711
Release Version Information: GA
FortiOS x86-64: Yes
System time: Tue Sep 6 09:19:23 2016
Could you paste the traceback?
I was able to replicate this issue. Here's my traceback:
>>> from napalm import get_network_driver
>>> driver = get_network_driver('fortios')
>>> device = driver('10.128.1.100', 'admin', '')
>>> device.open()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/ebeahan/Envs/napalm/lib/python2.7/site-packages/napalm_fortios/fortios.py", line 37, in open
self.device.open()
File "/Users/ebeahan/Envs/napalm/lib/python2.7/site-packages/pyFG/fortios.py", line 94, in open
self.ssh.connect(**cfg)
File "/Users/ebeahan/Envs/napalm/lib/python2.7/site-packages/paramiko/client.py", line 338, in connect
t.start_client()
File "/Users/ebeahan/Envs/napalm/lib/python2.7/site-packages/paramiko/transport.py", line 493, in start_client
raise e
EOFError
Digging into this a bit, I found a paramiko issue describing this exact issue witih Fortinet:
After following the listed workaround of editing the preferred key exchange algorithms in transport.py, the issue was resolved for me.
>>> from napalm import get_network_driver
>>> driver = get_network_driver('fortios')
>>> device = driver('10.128.1.100', 'admin', '')
>>> device.open()
>>>
I can check if the issue is resolved in a more recent version of FortiOS (was also testing with v5.26), but it appears the bug lies on the Fortinet side not napalm or paramiko.
Great, marking this as invalid as it's a bug somewhere else.
For reference, I am adding a link here with the comment mentioning the workaround you found: paramiko/paramiko#687 (comment)
I might also try to take a look to paramiko and see if there is some patch we can provide to fix the issue but I am afraid I don't have access to any fg device right now : (
In the meantime, if would be nice to add a reference here: https://github.com/napalm-automation/napalm/blob/master/docs/support/fortios.rst
You seem to know better which version seem to be affected so feel free to add as many details as you want about the issue there and how to work around it. Otherewise I will try to add them myself later next week.
Thanks!
Appears to affect FortiOS v5.2.x and beyond (tested up to 5.4.0 - 5.4.1 VM image is throwing fits but will try to test against that version as well). Will work on submitting a PR to updating the docs noting issue and workaround this weekend.
Great! Thanks : )
I am closing this one, feel free to reopen if it's still an issue.