If you use the Skybox (https://www.skyboxsecurity.com/) solution in your environment, the initial setup may fail to connect Skybox to your Fortinet FortiGate firewalls or your FortiManager firewall management system. Skybox uses HTTPS (XML API with SOAP) and/or SSH to connect to the Fortinet systems.
If your hardening of the Fortinet devices raised the minimum Diffie-Hellman exchange size from the default of 2048 bits to 3072, 4096 or 8192 bits, Skybox cannot connect to them, because Skybox currently does not support more than 2048 bits for DH.
FortiGate hardening of the DH bits:
config system global
    set dh-params 8192
end
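To find which firewalls are affected before onboarding them, the following added example (not part of the original post and not Skybox or Fortinet code) reads FortiGate configuration backups and reports devices whose dh-params value exceeds the 2048-bit limit described above. The device names and sample backups are constructed, and an unset dh-params is treated as the 2048 default mentioned in the post.

```python
import re

SKYBOX_MAX_DH_BITS = 2048       # limit stated in the post
FORTIOS_DEFAULT_DH_BITS = 2048  # default stated in the post

def dh_params_bits(config_text):
    """Return dh-params from the top-level 'config system global' block."""
    depth, in_global = 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_global = (line == "config system global")
        elif line == "end":
            depth = max(depth - 1, 0)
            if depth == 0:
                in_global = False
        elif in_global and depth == 1:
            m = re.fullmatch(r'set dh-params "?(\d+)"?', line)
            if m:
                return int(m.group(1))
    return FORTIOS_DEFAULT_DH_BITS  # setting not present in the backup

def audit(backups):
    """Return [(device, bits)] for devices above the Skybox limit."""
    hits = []
    for name, text in sorted(backups.items()):
        bits = dh_params_bits(text)
        if bits > SKYBOX_MAX_DH_BITS:
            hits.append((name, bits))
    return hits

# Constructed sample backups (hypothetical device names and settings).
SAMPLE = {
    "fw-hardened": """config system global
    set hostname "fw-hardened"
    set dh-params 8192
end
config system interface
    edit "port1"
        set allowaccess https ssh
    next
end
""",
    "fw-default": """config system global
    set hostname "fw-default"
end
""",
}

if __name__ == "__main__":
    for name, bits in audit(SAMPLE):
        print(f"{name}: dh-params {bits} exceeds {SKYBOX_MAX_DH_BITS}")
```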
See also the Skybox documentation "ReferenceGuide", e.g. "Reference Guide v10.801", or the overview of the documentation for all recent versions.