Technical Tip: How to change the TLS version used in ZTNA HTTPS publications

To change the TLS configuration for HTTPS ZTNA publications, follow these steps:

1. Access the FortiGate and open the CLI, and execute the command:

config firewall vip

2. Find the ZTNA publication that needs to be changed and then execute the command to edit it. For example:
   
   

edit ZTNA-Application

3. Then, run the command:

show full-configuration

4. This will list the available options for changing the maximum and minimum TLS versions.

set ssl-max-version tls-1.3
set ssl-min-version tls-1.1

5. After finding these options, execute one of the following commands to force the use of a minimum version higher than v1.1:

set ssl-min-version tls-1.2

Or:

set ssl-min-version tls-1.3

6. After changing the minimum version to 1.2 or 1.3, TLS v1.1 will no longer be available for the ZTNA HTTPS publication.