FortiAP 320c - Weak SSH MAC algorithms enabled

Ivanr4g63 · ‎03-27-2019

Hello,

We currently have about 12 of these 320c AP's on our network running the latest 6.0 firmware, these are managed thru FortiGate console on our firewall.

recently we got flagged with "SSH Weak MAC Algorithms Enabled" on a compliance scan.

While reading on the documentation it seems we have all configuration up to standard and I can't seem to clear this vulnerability.

/outdated SSH ciphers. all the 'fixes' that I found are to be applied on the firewall via the 'Config Sys Global' command,but doesn't seem to apply for the AP's.

Has anyone fixed this? and what did you had to do?

Thanks in advance.

Ivanr4g63 · ‎04-02-2019

in your experience - is the only way to manage the allowed SSH algorithms that the AP's handle is from the FortiGate console?

abelio · ‎04-02-2019

Ivanr4g63 wrote:
in your experience - is the only way to manage the allowed SSH algorithms that the AP's handle is from the FortiGate console?

what's the problem with that?

After all, Fortigate is your WLL controller, it makes sense.

regards

/ Abel

Ivanr4g63 · ‎04-03-2019

abelio wrote:

what's the problem with that?
After all, Fortigate is your WLL controller, it makes sense.

Problem? There is no problem. Do you know how to make these changes so that the FortiAP's adjust the SSH Ciphers that are used?

I've tried comments such as below and similar posts, no help. any pointers greatly appreciated.

[link]https://forum.fortinet.com/tm.aspx?m=152796[/link]

FortiAP 320c - Weak SSH MAC algorithms enabled

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website