Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ivanr4g63
New Contributor

FortiAP 320c - Weak SSH MAC algorithms enabled

Hello,

 

We currently have about 12 of these 320c AP's on our network running the latest 6.0 firmware, these are managed thru FortiGate console on our firewall.

recently we got flagged with "SSH Weak MAC Algorithms Enabled" on a compliance scan.

 

While reading on the documentation it seems we have all configuration up to standard and I can't seem to clear this vulnerability.

/outdated SSH ciphers. all the 'fixes' that I found are to be applied on the firewall via the 'Config Sys Global' command,but doesn't seem to apply for the AP's.

 

Has anyone fixed this? and what did you had to do?

 

Thanks in advance.

3 REPLIES 3
Ivanr4g63
New Contributor

in your experience - is the only way to manage the allowed SSH algorithms that the AP's handle is from the FortiGate console?

abelio

Ivanr4g63 wrote:

in your experience - is the only way to manage the allowed SSH algorithms that the AP's handle is from the FortiGate console?

what's the problem with that?

After all, Fortigate is your WLL controller, it makes sense.

 

regards




/ Abel

regards / Abel
Ivanr4g63

abelio wrote:

 

what's the problem with that?

After all, Fortigate is your WLL controller, it makes sense.

Problem? There is no problem. Do you know how to make these changes so that the FortiAP's adjust the SSH Ciphers that are used?

 

I've tried comments such as below and similar posts, no help. any pointers greatly appreciated.

[link]https://forum.fortinet.com/tm.aspx?m=152796[/link]

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors