Solution for Skybox connection issue to Fortinet FortiGate or FortiManager

If you are using the Skybox (https://www.skyboxsecurity.com/) solution for your environment, during the initial setup there might be an issue in the connection from the Skybox to your Fortinet FortiGate firewalls or your or FortiManager firewall management system. Skybox uses HTTPS (XML API with SOAP) and/or SSH to connect to the Fortinet systems.

If your hardening of the Fortinet devices changed the default minimum Diffie-Hellman Exchange-Bits from 2048 to 3072, 4096 or 8192Bits, then your Skybox is not able to connect to them, after Skybox currently does not support more than 2048Bit for DH.

FortiGate Hardening of DH-Bits:

config sys global
 set dh-params 8192
end


See also the Skybox documentation "ReferenceGuide", e.g. here "Reference Guide v10.801" or an overview of the documentation of all last versions.

No comments:

Post a Comment

Azure Managed Identities (technical service accounts)

Explaination Azure Managed Identities = technical service accounts Password is automatically managed, as it was the case in managed service ...