Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
brigadax
New Contributor

CatTools Backup Problem with Fortigate 60D v5.2.5

Hello everybody,

 

I use CatTools for the automatic configuration backup for over fifty Fortigate 60D devices with the Firmware 5.2.2 and 5.2.4.

I used the Device.Backup.RunningConfig activity, which connects to the devices via ssh and everything worked fine.

 

However after upgrading most of the devices to Version v5.2.5,build0701 the backup doesn't work anymore. An upgrade to newest Version 5.4.0 also didn't help.

 

I compared the new and the old configuration and also looked for some clues in the Release Notes but couldn't find any reason for this behaviour.

 

CatTools always brings the "Failed to connect to 212.x.x.x. No Response from remote host. Will try again." error message.

 

I would be very grateful if somebody has an idea on how to solve this issue. If you need any additional Information, I will provide it as fast as possible.

 

Thanks in advance and best regards,

brigadax

1 Solution
duncan_read
New Contributor

We had this same problem and raised it with or suppliers and were told:

 

This issue is related with the default dh-param that is changed from 1024 to 2048.  But the FGT is still offering algorithm as "diffie-hellman-group-exchange-sha1" and "diffie-hellman-group1-sha1". When ssh client try to communicate with algorithm order "diffie-hellman-group-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1", FGT sends a TCP FIN. And the ssh connection can not be set up. This issue is expected to be resolved in 5.2.6 or 5.4.1.

 

and then

 

Fortinet have advised that there is no work around for this issue. A fix will come in 5.2.6, the ETA for 5.2.6 is between Jan 25, 2016 - Jan 29, 2016 and for 5.4.1 its Feb 15, 2016 - Feb 19, 2016. 

View solution in original post

14 REPLIES 14
brigadax
New Contributor

We opened a ticket over the customer portal and later on received the new version 3.11.

 

SSH-V1 is not enabled on our 60D Units.

Adrian_Lewis
Contributor

Same issue here. Not had time to do any in-depth debugging but would be very interested if you find a solution.

brigadax

Thank you very much duncan.read, this information helps us a lot. As soon as the new Firmware is available, we will upgrade our test device and see if the issue is resolved.

 

@Adrian Lewis

We tried many different things but so far we didn't find a solution. Now we will just wait for the new firmware.

Adrian_Lewis

Still having issues with 5.2.6 - Anyone else have any joy?

krdoor

Same issue here, problem started with FortiOS 5.2.5, because of ips engine crashes we had to upgrade to 5.2.6 but still the same issue.

Top Kudoed Authors