Skip to main content

202001 - Fortinet Authentication Failed

Agent error code #202001 indicates that the agent was unable to authenticate with a Fortinet device (FortiGate or FortiManager). The device rejected the API token provided by the agent.

This error is distinct from authorization failures (#202002), which occur when the token is valid but lacks sufficient permissions. Error #202001 means the token itself was not accepted.

This error typically occurs when:

  • The API token configured in Knocknoc is incorrect
  • The API token has expired or been regenerated on the Fortinet device
  • The API token was deleted from the Fortinet device
  • The FortiManager session has become invalid, often because the token was regenerated

Steps to Resolve

Verify the API Token in Knocknoc

  1. In the Knocknoc admin interface, navigate to the backend configuration for the affected Fortinet device
  2. Confirm the API token matches what is currently configured on the Fortinet device
  3. If the token was recently regenerated on the Fortinet device, update it in Knocknoc to match

For more details, see the Fortinet setup guide.

Verify the API Token on the Fortinet Device

  1. Log into the FortiGate or FortiManager management interface
  2. Navigate to System > Administrators and locate the API user account
  3. Confirm the API user exists and is enabled
  4. If the token has been regenerated or is unknown, generate a new API token and update the Knocknoc configuration with the new value

Check API User Trusted Hosts

If the API user has trusted host restrictions configured, the Fortinet device may reject authentication from IP addresses outside the allowed range.

  1. In the Fortinet management interface, check the API user's trusted host settings
  2. Ensure the agent's IP address falls within the configured trusted host range
  3. If needed, add the agent's IP address to the trusted hosts list

Regenerate the API Token

If the existing token cannot be verified or is no longer working:

  1. Log into the Fortinet device's management interface
  2. Navigate to System > Administrators and select the API user
  3. Regenerate the API token
  4. Copy the new token and update the backend configuration in Knocknoc

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top