FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
caunon
Staff
Staff
Article Id 193051

Description

This article provides a workaround for Google Chrome users that are unable to open the login page with SSL VPN.

After installing a recent Microsoft security update users may no longer be able to connect to the SSL VPN portal on a FortiGate.  Microsoft released an update to resolve a vulnerability found in SSL 3.0 and TLS 1.0, this is referenced in the Microsoft Security Bulletin MS12-006. This vulnerability could allow an attacker to intercept encrypted traffic. The change of behavior introduced with the Microsoft patch has resulted in an incompatibility with FortiOS SSLVPN implementation resulting in the failure for some clients to connect to the SSLVPN portal.


Scope

FortiGate


Solution

Find the shortcut that is used to start Chrome, it may be found in the start menu, quick launch or on the desktop.

1. Right click and select Properties.
2. Select the "Shortcut" tab.
3. In the "Target :" field, add -disable-ssl-false-start to the end of the target addess.  (It should now look like"C:\%Path that Chrome is installed on the PC%\chrome.exe" -disable-ssl-false-start).
4. Select 'Apply' and 'OK'.

caunon_FD33519_a_FD33519.jpg

 
 
Customer Support Bulletin CSB-120117-1

Subject: SSLVPN Connectivity Issue
Released: 18 January 2012
Modified: 2 February 2012
Product: All FortiGate models running SSLVPN

Description:

After installing a Microsoft security update users may no longer be able to connect to the SSLVPN portal on a FortiGate.This issue has been reported by users running Internet Explorer, Firefox 10.0 and Chrome browsers. Microsoft released an update to resolve a vulnerability found in SSL 3.0 and TLS 1.0, this is referenced in the Microsoft Security Bulletin MS12-006. This vulnerability could allow an attacker to intercept encrypted traffic. The change of behavior introduced with the Microsoft patch has resulted in an incompatibility with FortiOS SSLVPN implementation resulting in the failure for some clients to connect to the SSLVPN portal.

Affected Products:

All FortiGate models and software versions using the SSLVPN portal feature in combination with client workstations that are using Internet Explorer, Chrome or Firefox 10.0 browsers.

Resolution:

The immediate resolution for this issue is to roll back the Microsoft update as referenced in MS12-006.

Details of the Microsoft security bulletin can be found on the following web page:

http://technet.microsoft.com/en-us/security/bulletin/ms12-006

Fortinet will produce an update to FortiOS to restore the compatibility with systems that have been updated with the Microsoft patch. A special build of software will be available “on demand” from a Fortinet support center from Friday 20th January, the enhancement will also be included in all future patch releases for GA release.
Customer Support Bulletin CSB-120117-1

Subject: SSLVPN Connectivity Issue
Released: 18 January 2012
Modified: 2 February 2012
Product: All FortiGate models running SSLVPN

Description:


After installing a Microsoft security update users may no longer be able to connect to the SSLVPN portal on a FortiGate.This issue has been reported by users running Internet Explorer, Firefox 10.0 and Chrome browsers. Microsoft released an update to resolve a vulnerability found in SSL 3.0 and TLS 1.0, this is referenced in the Microsoft Security Bulletin MS12-006. This vulnerability could allow an attacker to intercept encrypted traffic. The change of behavior introduced with the Microsoft patch has resulted in an incompatibility with FortiOS SSLVPN implementation resulting in the failure for some clients to connect to the SSLVPN portal.

Affected Products:


All FortiGate models and software versions using the SSLVPN portal feature in combination with client workstations that are using Internet Explorer, Chrome or Firefox 10.0 browsers.

Resolution:


The immediate resolution for this issue is to roll back the Microsoft update as referenced in MS12-006.

Details of the Microsoft security bulletin can be found on the following web page:

http://technet.microsoft.com/en-us/security/bulletin/ms12-006

Fortinet will produce an update to FortiOS to restore the compatibility with systems that have been updated with the Microsoft patch. A special build of software will be available “on demand” from a Fortinet support center from Friday 20th January, the enhancement will also be included in all future patch releases for GA release.

 

Contributors