- @duwijakarta   That screenshot seems to be a simple authentication failure ; check logs from the switch
                           However when managing your network equipment , you are always better off by using
                          SSH from your laptop. Often these local ssh clients and servers have limited support for
                          available ciphers and that lead to conflicts  and then the SSH will not work

  M.

if on another type of device doing ssh from a different switch device there is no issue, does that mean that the cisco type 1200 does not support ssh from a switch device with the same type? and if I try ssh via fortigate which goes directly to the switch it still doesn't work.

  @duwijakarta   The same reasoning applies for switch-to-switch SSH , conflicting ciphers support between client and server
                          From the fortigate ; check the logs on the  switch when trying (too).
                          But as I said earlier ; don't spend to much time on it ==> use your laptop,

  M.

I don't mind, I just need to convince my boss that later the device can be remoted from afar, I can ssh because the LAN cable is directly to the switch device, but I can still remote to another switch from the device I direct, but I can't from fortigate, the assumption is that it will be an obstacle if it is later implemented in a remote location. How do I convince my boss that the remote trial from the laptop has no issue, meaning that later the device can also be remoted from afar, it's just that before from the switch device it needs to enter via fortigate, if from fortigate you can't ssh to the switch, will that be a problem later?

  - @duwijakarta   -  If SSH access from the fortigate is a requirement, then you need to examine the logs on the switch when that is tried and look for insights,

  M.

Okee, last question, I just want to make sure, is it possible to only use switchport trunk mode to the fortigate HA device, but if interface 1 is down it can still run towards the fortigate backup? because my problem is that I can't run towards the backup, but if the fortigate HA is unplugged, then there is no problem

 - @duwijakarta  You will also start by examining logs on both the switch and fortigate when troubleshooting the HA failover.  You could also try to clear the ARP cache on the switch ,

 M

indirectly does this c1200 switch support failover to forti HA with the configuration on the interface only using switchport trunk mode? or forti and the switch must be configured with lacp on each interface? thank you very much for your help

 - @duwijakarta  Yes you will need LACP on all ports , also.the fortigate. But in essence lacp is not designed for failover. The behavior of the fortigate is unpredictable. Presumed best setting on the switch will be : lacp mode on

 M.

but I have a Catalys 9300 series that can run failover without LACP, is there a separate configuration in the 9300 type that is not supported in the 1200 type? I see there is a configuration, redundancy, sso mode. Is it necessary to use a specific STP mode setting in this 1200 type? or can you help me with best practice with the 2 switch and 2 forti HA method, thank you

 - @duwijakarta   That is a different issue from the original post; you will have to examine logs on the switch
                           and fortigate to investigate this problem.
                          You may find this https://community.fortinet.com/t5/Support-Forum/Trunk-between-Cisco-switch-and-Fortigate-using-LACP/td-p/292805
                                             useful because it also contains diagnostic commands,

  M.