Cannot connect to SFTP on host using ssh-dss
I am testing the connection on the command line, using:
sftp -vvv user@example.com
This returns:
debug2: resolving "example.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to example.com [example.com] port 22.
debug1: Connection established.
..
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u4
ssh_exchange_identification: read: Connection reset by peer
(firewall dropped the connection)
Using an offsite VPN to the same connection:
debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: (no match)
Unable to negotiate with example.com port 22: no matching host key type found. Their offer: ssh-dss
(successful connection, but wrong algo)
Adding the legacy SSH flag while on the offsite VPN (sftp -vvv -oHostKeyAlgorithms=+ssh-dss user@example.com) returns:
The authenticity of host 'example.com (example.com)' can't be established.
DSA key fingerprint is SHA256:snipped.
Are you sure you want to continue connecting (yes/no)?
(success)
My question is: by what method can I allow this legacy connection through Fortigate to example.com?
I am using a Fortigate 310B.
