Technical Note: Disable TLS 1 and TLS 1.1 for the Persistent Agent
Description
This article provides the steps to disable TLS 1 and TLS 1.1 for the Persistent Agent.
Important: Review agent versions distributed on the network before modifying TLS. Otherwise, agents still using TLS 1.0 and 1.1 will stop communicating with the server. For information on the most recent agent versions and support, refer to the Release Matrix and Agent release notes in the Fortinet Document Library.
Windows
Agents 3.3+ use TLS 1.0, 1.1, or 1.2
Linux
Agents 3.3+ use TLS 1.0, 1.1, or 1.2
MacOS
Agents 3.3, 3.4, 3.5 can use TLS 1.0
Agents 4.0+ can use TLS 1.1 or 1.2
Agents 3.0-3.2 use only SSLv3
Scope
Version: 8.2 and above
Solution
1. In the Administration UI, navigate to System > Settings > Persistent Agent > Transport Configuration.
2. Under TLS Service Configurations, highlight the Default TCP entry and select Modify.
3. Uncheck Automatically Update Ciphers and Protocols on Upgrade.
4. Click the drill-down for TLS Protocols. Click the protocol to be added or removed. The field will update.
5. Click the Modify TLS Service Configuration Box to collapse the drill-down.
6. Click OK.
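Before unchecking protocols in the steps above, an agent inventory can be checked against the version list in the Description to see which hosts would stop communicating. The following is an added example, not Fortinet code: the inventory rows, host names and function names are constructed, and it assumes the "Agents 3.0-3.2 use only SSLv3" line applies to every platform.

```python
# Added example: protocol support per agent version, transcribed from the
# version list in this article. Inventory rows are constructed sample data.

# (platform, lowest version, highest version or None, protocols listed)
SUPPORT = [
    ("windows", (3, 3), None, {"TLSv1.0", "TLSv1.1", "TLSv1.2"}),
    ("linux", (3, 3), None, {"TLSv1.0", "TLSv1.1", "TLSv1.2"}),
    ("macos", (3, 3), (3, 5), {"TLSv1.0"}),
    ("macos", (4, 0), None, {"TLSv1.1", "TLSv1.2"}),
    # Assumption: the SSLv3-only line covers all platforms, not just macOS.
    ("*", (3, 0), (3, 2), {"SSLv3"}),
]

def parse_version(text):
    """'3.5.0.12' -> (3, 5); only major.minor matters for the article's list."""
    parts = text.strip().split(".")
    minor = int(parts[1]) if len(parts) > 1 else 0
    return (int(parts[0]), minor)

def protocols_for(platform, version):
    """Return the protocols the article lists, or None if it lists nothing."""
    ver = parse_version(version)
    for plat, low, high, protos in SUPPORT:
        if plat in ("*", platform.lower()) and low <= ver and (high is None or ver <= high):
            return protos
    return None

def audit(inventory, enabled):
    """Return (hosts that will lose connectivity, hosts the article does not cover)."""
    will_break, unknown = [], []
    for host, platform, version in inventory:
        protos = protocols_for(platform, version)
        if protos is None:
            unknown.append(host)       # verify against the Release Matrix
        elif not (protos & enabled):
            will_break.append(host)    # no protocol in common with the server
    return will_break, unknown

INVENTORY = [  # constructed sample rows: (host, platform, agent version)
    ("win-lab-01", "Windows", "5.2.1"),
    ("mac-design-07", "macOS", "3.5.0"),
    ("mac-design-09", "macOS", "4.1.2"),
    ("lnx-build-02", "Linux", "3.2.4"),
    ("win-kiosk-03", "Windows", "2.9.0"),
]

if __name__ == "__main__":
    broken, unknown = audit(INVENTORY, enabled={"TLSv1.2"})
    print("Upgrade before disabling TLS 1.0/1.1:", broken)
    print("Not covered by the version list:", unknown)
```

Hosts in the second list are not covered by the version list and need checking against the Release Matrix before the change.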
Related Articles
Technical Tip: Disable TLS 1 and TLS 1.1 for the Admin UI on port 8443
Technical Tip: Disable TLS 1 and TLS 1.1 for captive portal port 443