Technical Tip: How to enable strong encryption for HTTPS/SSH admin access to a FortiGate
Description
This article describes how to enable strong encryption for HTTPS admin access to a FortiGate.
Scope
FortiOS.
Solution
It is possible to enable strong encryption for HTTPs admin access and SSH with the following command (default):
config system global
set strong-crypto enable
end
Enabling the use of strong encryption will only allow TLS 1.2 and 1.3 for HTTPS admin access. Refer to the following document for the matrix of supported ciphers: FortiGate encryption algorithm cipher suites. When strong encryption is enabled, it might not be possible to open the FortiGate WebGUI in browsers running older versions. Make sure the browser is up to date.
For more information, refer to the CLI reference guide at FortiOS CLI reference.