Hi there,
I'm having issue in a lab (build by me) that i've created with trial version of FortiGate VMs (x2), FortiManager (x1) and FortiAnalyzer (x1).
I've added two FortiGates to the FortiManager, and everything was working without issues, untill the first device installation.
The FortiManager keeps showing error in the installation of device configuration, after digging around, i found out that the issue occurs because of the "set banned-cipher" command. This command seems to be not available in the trial fortivm, and in the FortiManager I wasn't able to remove the setting from the CLI configuration (because it requires at least 1 cipher that has to be banned).
The running versions of the devices are;
FortiGate VMs KVM 7.4.4 build 2662 (Feature)
FortiManager v7.4.3-build2487 240514 (GA)
FortiAnalyzer (while it doesn't have to do with the issue) v7.4.3-build2487 240514 (GA)
When i deselect the banned-cipher and click apply (in the CLI configuration of the device) the ciphers SHA1, SHA256 and SHA384 are reselected again!
Did anyone encounter this issue?
is there a solution for this issue?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
I've tried to configure the setting thorugh the CLI on the Fortigate, but the whole command seems not to exist, it might have to do with the fact that the Fortigates have trial licenses. But I'm not sure.
Created on 09-30-2024 12:02 PM Edited on 09-30-2024 12:02 PM
Hi,
No there are no VDOMs configured, but I'm curious why the question? :D
I do know that each VDOM is treated by Fortimanager as a separate entity, but this doesn't have to do with the current issue as far as I can see, please correct me if I'm wrong.
Does anyone have the answer to my question?
I would really appreciate it!
Did you ever figure this out? Currently having the same issue in my lab!
Created on 10-19-2024 01:39 PM Edited on 10-19-2024 01:40 PM
I wasn't able to solve the issue, but I found a workaround to at least go throught the labs.
You can retrieve the config from the device and then make changes and push the changes to the device, you'll probably then get the out of sync flag, but the changes will be pushed.
That's the only way that I was able to find.
Let's hope Fortinet is going to do something about this issue
Hello!
Same issue here, regarding the workaround, how did you "retrieve the config from the device, made necessary changes and pushed to the device" ?
Thanks!
Hi,
Exactly, when you push the condig and get the notification about the conflict, you can the retrieve the config from the revision history of the device to get it back in sync.
After that you can make changes and push it back to the device, in this case your changes will be applied, but the config that couldn't be push wouldn't, therefore you'll get the conflict again.
Keep taking the steps as long as needed.
Kind regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.