Technical Tip: Option to set Algorithm and 'ban-cipher' is not available under SSL VPN setting
This article describes why the option to set the algorithm and ban-cipher is not available under the SSL VPN settings.
- Check the license status under 'get system status'.
- If the license status shows Low-Encryption(LENC), the FortiGate will not be able to establish an SSL VPN connection with the client.
- Refer to the sample below:
# get system status
Version: FortiGate-201E v6.2.4,build1112,200511 (GA)
Serial-Number: FG201ETK1xxxxx
FIPS-CC mode: disable
Current HA mode: standalone
License Status: Low-Encryption(LENC) <-----
- Low Encryption means that the FortiGate cannot use or inspect high encryption protocols such as 3DES and AES. It only uses 56-bit DES encryption to work with SSL VPN and IPSec VPN, and it is not able to perform SSL Inspection.
- This is the reason why the option to modify the algorithm or ban-cipher is not available for low encryption FortiGate.
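The license check above can also be run over saved 'get system status' output from several units. The Python below is an added example, not Fortinet code; the capture names fw-a and fw-b, the second serial number and the "Valid" status value in the constructed sample are assumptions.

```python
import re

# Trailing "<-----" markers are documentation highlights, not CLI output.
ANNOTATION = re.compile(r"\s*<-+\s*$")

def parse_system_status(text):
    """Parse 'get system status' output into a dict of field -> value."""
    fields = {}
    for line in text.splitlines():
        line = ANNOTATION.sub("", line).strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks and the echoed CLI command
        key, value = line.split(":", 1)
        fields[key.strip()] = value.strip()
    return fields

def is_low_encryption(fields):
    """True for LENC, False for any other status, None if the field is absent."""
    status = fields.get("License Status")
    if status is None:
        return None
    return "LENC" in status.upper() or "LOW-ENCRYPTION" in status.upper()

def audit(captures):
    """Map each capture name to (serial, verdict) for a set of saved outputs."""
    report = {}
    for name, text in captures.items():
        fields = parse_system_status(text)
        report[name] = (fields.get("Serial-Number"), is_low_encryption(fields))
    return report

# Sample output taken from the article above.
LENC_SAMPLE = """# get system status
Version: FortiGate-201E v6.2.4,build1112,200511 (GA)
Serial-Number: FG201ETK1xxxxx
FIPS-CC mode: disable
Current HA mode: standalone
License Status: Low-Encryption(LENC) <-----
"""
# Constructed sample: the serial and the "Valid" value are assumptions.
FULL_SAMPLE = """# get system status
Serial-Number: FG201ETK1yyyyy
License Status: Valid
"""

if __name__ == "__main__":
    labels = {True: "LENC, no algorithm/ban-cipher options",
              False: "not LENC", None: "license status not found"}
    for name, (serial, lenc) in audit({"fw-a": LENC_SAMPLE, "fw-b": FULL_SAMPLE}).items():
        print(f"{name} {serial}: {labels[lenc]}")
```

A verdict of None means the capture did not contain a License Status line and should be collected again before drawing a conclusion.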
Solution
To use the SSL VPN feature, upgrade the unit to a full encryption unit by acquiring a strong encryption upgrade license key.
Related Articles
Technical Tip: How to control the SSL version and cipher suite for SSL VPN
