Sachin_Alex_Cherian_
Article Id 212360

 

Description

This article explains how to resolve vulnerability findings related to weak SSH Message Authentication Code (MAC) algorithms.

Scope

When running vulnerability assessments against the FortiGate.

FortiOS version 7.0 and later.

Solution

The vulnerability related to weak MAC algorithms is resolved with the following configuration:

 

# config system global

    set ssh-mac-algo <>

end

 

The following algorithms are available:

 

hmac-sha2-256

hmac-sha2-256-etm@openssh.com

hmac-sha2-512

hmac-sha2-512-etm@openssh.com

 

Explicitly specify the stronger algorithms to be used. This avoids the possibility of vulnerabilities being detected due to weaker algorithms being used for connections.
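
To confirm the setting took effect, the MAC lists the SSH server advertises in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1) can be compared against the four algorithms listed above. The Python below is an added example, not Fortinet code: the function names are hypothetical, the input is assumed to be the KEXINIT payload with the SSH packet framing already stripped, and the sample payloads are constructed rather than captured from a FortiGate.

```python
import struct

# The four MACs the article lists as available for ssh-mac-algo.
ALLOWED_MACS = {"hmac-sha2-256", "hmac-sha2-256-etm@openssh.com",
                "hmac-sha2-512", "hmac-sha2-512-etm@openssh.com"}
SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload into {field: [algorithm, ...]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}          # skip message type (1) + cookie (16)
    for name in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        offset += length
    return lists

def disallowed_macs(payload: bytes) -> list:
    """Return offered MACs (either direction) outside ALLOWED_MACS, sorted."""
    lists = parse_kexinit(payload)
    offered = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    return sorted(offered - ALLOWED_MACS)

def build_kexinit(macs: list) -> bytes:
    """Build a constructed KEXINIT payload for testing (not captured traffic)."""
    values = {"mac_c2s": macs, "mac_s2c": macs, "kex": ["curve25519-sha256"],
              "host_key": ["ssh-ed25519"], "enc_c2s": ["aes256-ctr"],
              "enc_s2c": ["aes256-ctr"], "comp_c2s": ["none"], "comp_s2c": ["none"]}
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)   # all-zero cookie, constructed
    for name in FIELDS:
        data = ",".join(values.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

if __name__ == "__main__":
    before = build_kexinit(["hmac-sha1", "hmac-md5", "hmac-sha2-256"])
    after = build_kexinit(sorted(ALLOWED_MACS))
    print("before:", disallowed_macs(before), "after:", disallowed_macs(after))
```

An empty result from `disallowed_macs` means the server offers only the algorithms listed in this article.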