Description
This article describes how to fix the installation failed error that fails to update 'system global ssh-enc-algo' from FortiManager 7.2.5 GA version managing FortiGate 7.2.8 GA version.
Scope
FortiManager v7.2.5 managing FortiGate v7.2.8.
Note:
The issue is mentioned in FortiManager 7.2.5 releases notes, under known issues and this issue has been resolved in FortiManager 7.2.6. In case the upgrade to a higher version is not possible, follow the steps below:
Solution
After upgrading FortiManager to v7.2.5 and FortiGate to 7v.2.8, the installation may fail for the following reason and the device config status shows Conflict. This happens due to a change in syntax between v7.2.7 and v7.2.8. FortiManager fails to update the 'system global ssh-enc-algo' command on v7.2.8.
The installation log below shows install failed due to the system's global ssh-enc-algo command:
erbium-kvm190 $ config system global
erbium-kvm190 (global) $ set ssh-enc-algo aes256-ctr aes256-gcm@openssh.com
erbium-kvm190 (global) $ end
---> generating verification report
(global: system global:ssh-enc-algo)
remote original:
to be installed: aes256-ctr aes256-gcm@openssh.com
<----- done generating verification report
Install failed:
This is due to a known issue 1004056 in FortiManager v7.2.5 handling FortiOS syntax support between v7.2.7 and v7.2.8. This issue can be either resolved by upgrading the FortiManager version to 7.2.6 GA or by following the below workaround of retrieving the FortiGate config manually.
This is a one-time config retrieve.
To retrieve the config backup of FortiGate, go to Device Manager -> Managed FortiGate, select the respective FortiGate from the list, select the Revision History icon in the Configuration and Installation section, and select the Retrieve Config option.
Post retrieving the FortiGate config successfully the device status will show as Synchronized.
Related articles:
