Dan_Eng52
Contributor II

FortiManager - Pushing CLI Configuration Which Doesn't Exist

Hi all, 

 

I hope you can help me. 

 

I'm having an issue with our FortiManager and a conflict which is preventing us from getting the firewall to a synchronised state. Below is the ssl-ssh-profile and the configuration which it is trying to push. The problem is that this command doesn't exist on the FG CLI.

[Screenshot 2025-05-03 170211.jpg]

[Screenshot 2025-05-03 170334.jpg]

 

Does anyone know how I can remove this CLI configuration? I have tried un-selecting but it automatically adds tls-1.1 back into the settings. It's very annoying, and although it doesn't stop us from pushing our dynamic policy and other configuration, it will never be shown as synchronized due to this conflict.

 

Many thanks, 

Dan. 

sw2090
SuperUser

Strange. According to https://docs.fortinet.com/document/fortigate/7.2.0/cli-reference/319620/config-firewall-ssl-ssh-prof... the option exists even in FOS 7.2.

 

Since you didn't post the original error - could it be that it didn't complain about min-allowed-ssl-version not existing but didn't accept your TLS version?

Did you try to roll out with the default tls-v1-1? Did that work?

Did you disable tls versions so they are not available on your FGT?

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Dan_Eng52

Hey @sw2090

 

Thanks for your response. 

 

It's very weird, I have tried within FortiManager setting the min-allowed-ssl-version to tls-v1-1 but unfortunately it gave me the same error. It seems as though my problem is that the command doesn't exist in the CLI of my FGT although it's clear from the CLI reference guide that it should be there. 

 

I'm thinking that there must be something that is required to 'enable' these commands to be displayed within the CLI, but I haven't uncovered this yet. 

 

Thanks, 
Dan. 

Dan_Eng52

I've just tested this on my lab firewall running a similar setup with version 7.2.10 and this command is available: 


min-allowed.jpg

 

However, this isn't the case for my firewalls running 7.4.7; therefore, something must have changed, and it either needs to be enabled somehow or it is an issue with this version of firmware perhaps. I'm really not too sure.

Thanks, 

Dan. 
