ssl error on 100D to FAZ
Hi team
After upgrading the FAZ to 7.2.9, I have experienced that our D and some of our E series cannot connect to FAZ due to an SSL error.
I have checked this forum and have gone through them, but still no good.
Our VMs are fine, but it looks like it's only the hardware ones.
I have contacted support and they have gone through all the forums as well but cannot get it to work.
The software versions are all compatible.
Is there something I should also check and test?
Thanks
Labels: FortiAnalyzer, FortiGate
Hi Steven
This is probably because the D series' old cipher protocols are not supported anymore on the new FAZ OS.
Try to tune the FortiAnalyzer's parameters shown in this tech tip.
Hi AEK
Thanks for the information.
I followed that link and still nothing happened.
I have 3 D series that cannot connect because of the SSL error, but the E series can.
When I changed the SSL settings, the E series started having issues as well.
Hi Steve
I have FAZ VM 7.2.10 and FG 100D 6.2.16, and they are connected without issue.
Here is my current FAZ config; try comparing it with yours.
Type this:
config sys global
get
Then check these params.
enc-algorithm : high
fgfm-cert-exclusive : disable
fgfm-local-cert : (null)
fgfm-ssl-protocol : tlsv1.2
oftp-ssl-protocol : tlsv1.2
ssh-strong-crypto : enable
ssl-low-encryption : disable
ssl-protocol : tlsv1.3 tlsv1.2
ssl-static-key-ciphers: enable
webservice-proto : tlsv1.3 tlsv1.2
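
The comparison suggested in the last reply can be scripted. This is an added example, not part of the thread and not Fortinet tooling: it parses pasted `get` output and reports every SSL/TLS-related setting that differs from the values posted above, treating protocol lists as order-insensitive. `SAMPLE_OUTPUT` and the function names are constructed for illustration.

```python
# Reference: SSL/TLS-related values from the working FAZ posted in the thread.
REFERENCE = """
enc-algorithm : high
fgfm-cert-exclusive : disable
fgfm-local-cert : (null)
fgfm-ssl-protocol : tlsv1.2
oftp-ssl-protocol : tlsv1.2
ssl-low-encryption : disable
ssl-protocol : tlsv1.3 tlsv1.2
ssl-static-key-ciphers: enable
webservice-proto : tlsv1.3 tlsv1.2
"""

# Constructed sample of `get` output from a differently tuned FAZ (hypothetical).
SAMPLE_OUTPUT = """
enc-algorithm           : high
fgfm-cert-exclusive     : disable
fgfm-ssl-protocol       : tlsv1.3
oftp-ssl-protocol       : tlsv1.3
ssl-low-encryption      : disable
ssl-protocol            : tlsv1.2 tlsv1.3
ssl-static-key-ciphers  : disable
webservice-proto        : tlsv1.3 tlsv1.2
"""

def parse_get(text):
    """Parse `key : value` lines; each value becomes a set of its tokens."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            continue  # skip blank lines and anything without a key
        settings[key.strip()] = frozenset(value.split())
    return settings

def diff_against_reference(output, reference=REFERENCE):
    """Return {key: (reference, yours)} for each reference key that differs."""
    ref, cur = parse_get(reference), parse_get(output)
    diffs = {}
    for key, want in ref.items():
        have = cur.get(key)
        if have != want:
            shown = "<missing>" if have is None else " ".join(sorted(have))
            diffs[key] = (" ".join(sorted(want)), shown)
    return diffs

if __name__ == "__main__":
    for key, (want, have) in diff_against_reference(SAMPLE_OUTPUT).items():
        print(f"{key}: reference={want!r} yours={have!r}")
```

Keys that appear in the pasted output but not in the reference are ignored, so a full `get` dump can be passed in unchanged.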
