Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ranand
Staff
Staff

Created on ‎09-20-2020 10:37 PM

Article Id 197316

Technical Tip: Option to set Algorithm and 'ban-cipher' is not available under SSL VPN setting

Description

This article describes why option to set Algorithm and ban-cipher is not available under SSL VPN setting.

- Check the license status under 'get system status'.
- If the license status is reflecting as Low-Encryption(LENC), then the FortiGate will not be able to establish SSL VPN connection with client.
- Refer to the sample below:

# get system status
Version: FortiGate-201E v6.2.4,build1112,200511 (GA)
Serial-Number: FG201ETK1xxxxx
FIPS-CC mode: disable
Current HA mode: standalone
License Status: Low-Encryption(LENC) <-----

- Low Encryption means that the FortiGate cannot use or inspect high encryption protocols such as 3DES and AES.It only uses a 56-BIT DES encryption to work with SSL VPN and IPSec VPN and it is not able to perform SSL Inspection.
- This is the reason why the option to modify the algorithm or ban-cipher is not available for low encryption FortiGate.


Solution
In order to use SSL VPN feature, upgrade the unit to a full encryption unit by acquiring a strong encryption upgrade license key.

Related Articles

Technical Tip: How to control the SSL version and cipher suite for SSL VPN

1919
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.