Submit a ticketCall us

ebook60.pngHow to be a Cisco® ASA ace

Our eBook, Thou Shalt Not Pass…I Think?! can help you overcome the challenges of monitoring and managing Cisco ASA firewalls. This eBook is a great read if you’ve been frustrated with monitoring firewalls, managing ACL configs, and troubleshooting VPN connections.

Get your free eBook.

Home > Success Center > Network Configuration Manager (NCM) > Connection is refused when trying to backup Fortigate firewall with FortiOS version 5.2.5

Connection is refused when trying to backup Fortigate firewall with FortiOS version 5.2.5

Table of contents
Created by Erickson Ultu, last modified by John Salvani on Mar 30, 2017

Views: 2,769 Votes: 3 Revisions: 12

Updated: May 31, 2016

Overview

There are issues with the configuration backup from a FortiGate firewall devices. This firewall is running FortiOS version 5.2.5 and newer. A session trace does not seem to help in troubleshooting as it seems to just try to connect and fails. Also connecting to device using SSH client (i.e. PuTTY) from within Orion server will be successfull.

Environment

NCM 7.3 and newer

Detail

According to FortiGate Support:
 
"The pattern of the issue matches with the bug you identified in the very first message - the Fortigate lists the parameters in the order that assumes the 1024b length will be accepted, but, due to the coding mistake, the diffie-hellman-group1-sha1 is not accepted by the fact. 

If the module you're using can be customized, avoid using of the diffie-hellman-group1-sha1 algorithm and list, for example, the diffie-hellman-group-exchange-sha1 as the first one.
"
 
So this seems as a combination of when using the 2048 encryption, the order of the parameters are incorrect due to a coding error on the FortiGate side.

 

The issue is resolved through the hot fix. Please go to one of the below articles (for specific version) for further details:

 

Network Configuration Manager v7.4.1 HotFix 3

Network Configuration Manager v7.5 Hotfix 1

 

Note: NCM 7.5 Hoftix 1 is also applicable for NCM 7.6.

 

Last modified

Tags

Classifications

Public