Hello everybody,
I use CatTools for the automatic configuration backup for over fifty Fortigate 60D devices with the Firmware 5.2.2 and 5.2.4.
I used the Device.Backup.RunningConfig activity, which connects to the devices via ssh and everything worked fine.
However, after upgrading most of the devices to Version v5.2.5,build0701 the backup doesn't work anymore. An upgrade to the newest Version 5.4.0 also didn't help.
I compared the new and the old configuration and also looked for some clues in the Release Notes but couldn't find any reason for this behaviour.
CatTools always brings the "Failed to connect to 212.x.x.x. No Response from remote host. Will try again." error message.
I would be very grateful if somebody has an idea on how to solve this issue. If you need any additional Information, I will provide it as fast as possible.
Thanks in advance and best regards,
brigadax
We had this same problem and raised it with our suppliers and were told:
This issue is related to the default dh-param, which was changed from 1024 to 2048. But the FGT is still offering the algorithms "diffie-hellman-group-exchange-sha1" and "diffie-hellman-group1-sha1". When the ssh client tries to communicate with algorithm order "diffie-hellman-group-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1", the FGT sends a TCP FIN, and the ssh connection cannot be set up. This issue is expected to be resolved in 5.2.6 or 5.4.1.
and then
Fortinet have advised that there is no workaround for this issue. A fix will come in 5.2.6; the ETA for 5.2.6 is between Jan 25, 2016 - Jan 29, 2016 and for 5.4.1 it's Feb 15, 2016 - Feb 19, 2016.
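Added example, not part of any post in this thread and not Fortinet or CatTools code: a small Python check that reads the `kex_algorithms` name-list out of two SSH KEXINIT payloads and reports which key exchange method the pair would select, using the simplified RFC 4253 rule (first client entry the server also offers). The payloads are constructed here from the algorithm names exactly as written in the supplier reply above; `build_kexinit`, `parse_kex_algorithms` and `negotiate_kex` are names made up for this example.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number defined in RFC 4253


def build_kexinit(kex_algorithms):
    """Build a constructed KEXINIT payload; the other nine name-lists stay empty."""
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # type byte + 16-byte cookie
    for names in [kex_algorithms] + [[]] * 9:
        joined = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(joined)) + joined
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows + reserved


def parse_kex_algorithms(payload):
    """Return kex_algorithms, the first name-list of a KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)  # uint32 length after cookie
    if 21 + length > len(payload):
        raise ValueError("truncated name-list")
    raw = payload[21:21 + length].decode("ascii")
    return raw.split(",") if raw else []


def negotiate_kex(client_payload, server_payload):
    """First algorithm on the client's list that the server also offers, else None."""
    server = set(parse_kex_algorithms(server_payload))
    for alg in parse_kex_algorithms(client_payload):
        if alg in server:
            return alg
    return None


# Constructed sample data: names copied as written in the supplier reply.
CLIENT = build_kexinit(["diffie-hellman-group-sha1",
                        "diffie-hellman-group14-sha1",
                        "diffie-hellman-group-exchange-sha1"])
SERVER = build_kexinit(["diffie-hellman-group-exchange-sha1",
                        "diffie-hellman-group1-sha1"])

if __name__ == "__main__":
    print("server offers:", parse_kex_algorithms(SERVER))
    print("selected kex :", negotiate_kex(CLIENT, SERVER))
```

To use it against real traffic, feed it the KEXINIT payloads taken from a packet capture of the failing session in place of the constructed ones.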
We opened a ticket over the customer portal and later on received the new version 3.11.
SSH-V1 is not enabled on our 60D Units.
Same issue here. Not had time to do any in-depth debugging but would be very interested if you find a solution.
Thank you very much duncan.read, this information helps us a lot. As soon as the new Firmware is available, we will upgrade our test device and see if the issue is resolved.
@Adrian Lewis
We tried many different things but so far we didn't find a solution. Now we will just wait for the new firmware.
Still having issues with 5.2.6 - Anyone else have any joy?
Same issue here. The problem started with FortiOS 5.2.5; because of IPS engine crashes we had to upgrade to 5.2.6, but still the same issue.