Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Network Configuration Manager (NCM) > Unable to Download Configs after updating to Fortinet version 5.2.5

Unable to Download Configs after updating to Fortinet version 5.2.5

Updated April 28th, 2016

Overview

After upgrading your Fortinet OS to version 5.2.5, you are not able to download configs even without changing anything on your NCM configuration. When you perform a test under edit nodes, the following error appears:

 

Connection Refused by x.x.x.x

Environment

NCM 7.0 and later

Cause 

This is a known issue (BUG ID: 300588) with FortiNet OS (FortiOS) version 5.2.5. Refer to below Thwack post:

Cipher Protocols Supported by NCM SSH

 

Currently NCM supports key sizes of 1024 bits since it is using diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1. FortiGate requires SHA2 encryption (2048 bit key) and is dropping SHA1 connections.

Resolution

Perform either of the following:

  • Use TELNET to connect on your Fortinet device with FortiOS version 5.2.5.
  • Downgrade your Fortinet OS so you can still use SSH.
  • If on NCM 7.4.1, install Hotfix 3.
  • If on NCM 7.5.0, install Hotfix 1.

 

Note: Per Fortinet, this issue is expected to be resolved in future version of the FortiOS. However, on version 5.2.6, the issue is still not resolved or mentioned on this 5.2.6 release notes: FortiOS Release Notes Version 5.2.6 (© 2017 Fortinet, available at http://docs.fortinet.com, obtained on March 29.2017.)

 

According to Thwack post FortiNet should have the issue resolved in version 5.2.7 or 5.4.1 of FortiOS.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

Last modified
14:02, 9 Aug 2017

Tags

Classifications

Public