Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Network Configuration Manager (NCM) > Connection is refused when trying to backup Fortigate firewall with FortiOS version 5.2.5

Connection is refused when trying to backup Fortigate firewall with FortiOS version 5.2.5

Table of contents
Created by Erickson Ultu, last modified by John Salvani on Mar 30, 2017

Views: 585 Votes: 3 Revisions: 12

Updated: May 31, 2016

Overview

There are issues with the configuration backup from a FortiGate firewall devices. This firewall is running FortiOS version 5.2.5 and newer. A session trace does not seem to help in troubleshooting as it seems to just try to connect and fails. Also connecting to device using SSH client (i.e. PuTTY) from within Orion server will be successfull.

Environment

NCM 7.3 and newer

Detail

According to FortiGate Support:
 
"The pattern of the issue matches with the bug you identified in the very first message - the Fortigate lists the parameters in the order that assumes the 1024b length will be accepted, but, due to the coding mistake, the diffie-hellman-group1-sha1 is not accepted by the fact. 

If the module you're using can be customized, avoid using of the diffie-hellman-group1-sha1 algorithm and list, for example, the diffie-hellman-group-exchange-sha1 as the first one.
"
 
So this seems as a combination of when using the 2048 encryption, the order of the parameters are incorrect due to a coding error on the FortiGate side.

 

The issue is resolved through the hot fix. Please go to one of the below articles (for specific version) for further details:

 

Network Configuration Manager v7.4.1 HotFix 3

Network Configuration Manager v7.5 Hotfix 1

 

Note: NCM 7.5 Hoftix 1 is also applicable for NCM 7.6.

 

Last modified
09:56, 30 Mar 2017

Tags

Classifications

Public