Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Network Configuration Manager (NCM) > Unable to Download Configs after updating to Fortinet version 5.2.5

Unable to Download Configs after updating to Fortinet version 5.2.5

Updated April 28th, 2016

Overview

After upgrading your Fortinet OS to version 5.2.5, you are not able to download configs even without changing anything on your NCM configuration. When you perform a test under edit nodes, the following error appears:

 

Connection Refused by x.x.x.x

Environment

NCM 7.0 and later

Cause 

This is a known issue (BUG ID: 300588) with FortiNet OS (FortiOS) version 5.2.5. Refer to below Thwack post:

Cipher Protocols Supported by NCM SSH

 

Currently NCM supports key sizes of 1024 bits since it is using diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1. FortiGate requires SHA2 encryption (2048 bit key) and is dropping SHA1 connections.

Resolution

Perform either of the following:

  • Use TELNET to connect on your Fortinet device with FortiOS version 5.2.5.
  • Downgrade your Fortinet OS so you can still use SSH.
  • If on NCM 7.4.1, install Hotfix 3.
  • If on NCM 7.5.0, install Hotfix 1.

 

Note: Per Fortinet, this issue is expected to be resolved in future version of the FortiOS. However, on version 5.2.6, the issue is still not resolved or mentioned on this 5.2.6 release notes: FortiOS Release Notes Version 5.2.6 (© 2017 Fortinet, available at http://docs.fortinet.com, obtained on March 29.2017.)

 

According to Thwack post FortiNet should have the issue resolved in version 5.2.7 or 5.4.1 of FortiOS.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

Last modified
08:40, 29 Mar 2017

Tags

Classifications

Public