Technical Tip: Agentless VPN portal certificate warning
| Description | This article describes a behavior change implemented in FortiOS v7.4.10, v7.6.5 and v8.0.0. |
| Scope | FortiGate Agentless VPN Portal. |
| Solution | FortiOS versions before v7.4.10, v7.6.5, and v8.0.0 do not perform certificate checks for remote server access, which leaves them susceptible to MITM attacks.
These versions introduce a behavior change to harden security: if FortiOS does not trust the certificate of the remote server, the following warning is presented:
FortiOS v7.6.5 and v8.0.0 also add a CLI setting that lets the administrator control the outcome of the certificate check:
config vpn ssl settings
    set remote-https-cert-check [ no-check | warn-on-error | reject-on-error ]
end
no-check = Do not check the remote HTTPS server's certificate.
warn-on-error = Display a warning when there is a certificate error.
reject-on-error = Reject connection when there is a certificate error.
Related document: |
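To check which of the three modes a device is actually using, the following added example (not Fortinet code) scans a FortiOS configuration backup for `remote-https-cert-check` inside `config vpn ssl settings` and grades the value. The function names and the sample configuration are constructed for illustration; the article does not state the default, so a block without the setting is reported as not set.

```python
# Added example: audit a FortiOS config backup for remote-https-cert-check.
FINDINGS = {
    "no-check": "FAIL: remote HTTPS server certificate is not checked",
    "warn-on-error": "WARN: certificate errors only display a warning",
    "reject-on-error": "OK: connections with certificate errors are rejected",
}
UNSET = "INFO: not set explicitly; the firmware default applies"
BLOCK = "vpn ssl settings"
KEY = "remote-https-cert-check"

# Constructed sample, not taken from a real device.
SAMPLE = """\
config system global
    set hostname "lab-fgt"
end
config vpn ssl settings
    set remote-https-cert-check warn-on-error
    config authentication-rule
        edit 1
            set groups "vpn-users"
        next
    end
end
"""

def classify(value):
    if value is None:
        return UNSET
    return FINDINGS.get(value, "UNKNOWN: unrecognized value " + repr(value))

def audit_cert_check(config_text):
    """Return one (value, finding) tuple per 'config vpn ssl settings' block."""
    results, stack, value = [], [], None  # stack = open 'config ...' blocks
    for line in config_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] == "config":
            stack.append(" ".join(tokens[1:]))
            if stack[-1] == BLOCK:
                value = None
        elif tokens[0] == "end" and stack:
            # 'end' closes the innermost block; nested blocks do not end the audit
            if stack.pop() == BLOCK:
                results.append((value, classify(value)))
        elif tokens[:2] == ["set", KEY] and len(tokens) > 2 and stack and stack[-1] == BLOCK:
            value = tokens[2]
    return results

if __name__ == "__main__":
    for value, finding in audit_cert_check(SAMPLE):
        print(value, "->", finding)
```

Only a `set` line directly under `config vpn ssl settings` is counted, so a similarly named setting in a nested or unrelated block does not change the result.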

