Created on 03-15-2012 01:10 AM Edited on 06-02-2022 09:54 AM By Anonymous
Description
Scope
FortiGate
Solution
Customer Support Bulletin CSB-120117-1
|
Subject: SSLVPN Connectivity Issue Released: 18 January 2012 Modified: 2 February 2012 Product: All FortiGate models running SSLVPN Description:
After installing a Microsoft security update users may no longer be able to connect to the SSLVPN portal on a FortiGate.This issue has been reported by users running Internet Explorer, Firefox 10.0 and Chrome browsers. Microsoft released an update to resolve a vulnerability found in SSL 3.0 and TLS 1.0, this is referenced in the Microsoft Security Bulletin MS12-006. This vulnerability could allow an attacker to intercept encrypted traffic. The change of behavior introduced with the Microsoft patch has resulted in an incompatibility with FortiOS SSLVPN implementation resulting in the failure for some clients to connect to the SSLVPN portal. Affected Products:
All FortiGate models and software versions using the SSLVPN portal feature in combination with client workstations that are using Internet Explorer, Chrome or Firefox 10.0 browsers. Resolution:
The immediate resolution for this issue is to roll back the Microsoft update as referenced in MS12-006. Details of the Microsoft security bulletin can be found on the following web page: http://technet.microsoft.com/en-us/security/bulletin/ms12-006 Fortinet will produce an update to FortiOS to restore the compatibility with systems that have been updated with the Microsoft patch. A special build of software will be available “on demand” from a Fortinet support center from Friday 20th January, the enhancement will also be included in all future patch releases for GA release. |
Customer Support Bulletin CSB-120117-1 |
Subject: SSLVPN Connectivity Issue Released: 18 January 2012 Modified: 2 February 2012 Product: All FortiGate models running SSLVPN Description: After installing a Microsoft security update users may no longer be able to connect to the SSLVPN portal on a FortiGate.This issue has been reported by users running Internet Explorer, Firefox 10.0 and Chrome browsers. Microsoft released an update to resolve a vulnerability found in SSL 3.0 and TLS 1.0, this is referenced in the Microsoft Security Bulletin MS12-006. This vulnerability could allow an attacker to intercept encrypted traffic. The change of behavior introduced with the Microsoft patch has resulted in an incompatibility with FortiOS SSLVPN implementation resulting in the failure for some clients to connect to the SSLVPN portal. Affected Products: All FortiGate models and software versions using the SSLVPN portal feature in combination with client workstations that are using Internet Explorer, Chrome or Firefox 10.0 browsers. Resolution: The immediate resolution for this issue is to roll back the Microsoft update as referenced in MS12-006. Details of the Microsoft security bulletin can be found on the following web page: http://technet.microsoft.com/en-us/security/bulletin/ms12-006 Fortinet will produce an update to FortiOS to restore the compatibility with systems that have been updated with the Microsoft patch. A special build of software will be available “on demand” from a Fortinet support center from Friday 20th January, the enhancement will also be included in all future patch releases for GA release. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.