Technical Tip: Modify the TLS version for the Fort...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 196330

Description

This article describes how to change the TLS version via CLI when accessing the GUI.

Solution

By default, TLS 1.1 and TLS 1.2 are enabled when accessing to the FortiGate GUI via a web browser.

Change this setting from the CLI:

# config system global
set admin-https-ssl-versions (shift + ?) <----- To list down the available tls version.
tlsv1-0 TLS 1.0.
tlsv1-1 TLS 1.1.
tlsv1-2 TLS 1.2.
set admin-https-ssl-versions tlsv1-2 <----- with this setting, only tls 1.2 is allowed.
end

From FortiOS 6.4, tlsv1-0 is no longer supported and instead, tlsv1-3 was introduced:

Firewall # config system global
Firewall (global) # set admin-https-ssl-versions
tlsv1-1 TLS 1.1.
tlsv1-2 TLS 1.2.
tlsv1-3 TLS 1.3.

92800

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: Modify the TLS version for the FortiGate GUI access