ReiM
New Member
March 26, 2026
Question

FortiNAC 500 v8.7 - How to Disable Legacy TLS Versions

Hi All,

I am quite new to FortiNAC and would appreciate some guidance.

A recent vulnerability assessment identified TLS-related issues on a FortiNAC 500 running version 8.7. Based on our checks, the device is already EOL/EOS. However, immediate replacement is not currently possible, so we are exploring mitigation options.

The vulnerability recommendation is to disable TLS 1.0 and TLS 1.1 and allow only TLS 1.2 or higher.

May I know whether this EOL FortiNAC system supports disabling TLS 1.0/1.1 through configuration without upgrading the firmware?

Any advice or recommended workaround would be greatly appreciated.

Thank you very much.

3 replies

AEK
SuperUser
March 29, 2026

Hi Rei

If you mean for WiFi clients then you will find it under RADIUS configuration (Network > RADIUS), then you edit the Local RADIUS config and edit the TLS configuration.

AEK
ebilcari
Staff
April 1, 2026

You could still upgrade the firmware up to the 9.4 firmware branch, OS and Software Upgrade.

Emirjon
SkylarDe
New Member
April 2, 2026

Disabling those older versions is definitely a good move for compliance. If the GUI isn't giving you the toggle, you usually have to jump into the CLI to modify the SSL cipher suite settings directly. Just make sure you double-check if any older hardware on your network still relies on those legacy handshakes before you kill them off entirely!
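
Whichever route from the replies above is taken, the result can be checked from a client by offering one protocol version at a time and reading the server's first reply. This is an added example, not part of the original thread and not Fortinet tooling; it builds the ClientHello by hand so the outcome does not depend on which TLS versions the local OpenSSL build still allows. The function names, the cipher-suite list and the default port 443 are assumptions.

```python
import os, socket, struct

# Hypothetical helper names; the suite list is a broad sample, not exhaustive.
VERSIONS = {"TLS 1.0": 0x0301, "TLS 1.1": 0x0302, "TLS 1.2": 0x0303}
SUITES = [0xC02F, 0xC030, 0xC02B, 0xC02C, 0xC013, 0xC014, 0xC009, 0xC00A,
          0x009E, 0x009F, 0x0033, 0x0039, 0x009C, 0x009D, 0x002F, 0x0035, 0x000A]
GROUPS_EXT = bytes.fromhex("000a00080006001d00170018" "000b00020100")
SIGALGS_EXT = bytes.fromhex("000d0012001004010501060104030503080402010203")

def client_hello(version):
    """Build a ClientHello record whose highest offered version is `version`."""
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    ext = GROUPS_EXT + (SIGALGS_EXT if version >= 0x0303 else b"")
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def classify(reply, version):
    """Interpret the first record the server sent back."""
    if len(reply) < 5:
        return "rejected (connection closed)"
    if reply[0] == 0x15:  # alert record: level at [5], description at [6]
        return "rejected (alert %d)" % reply[6] if len(reply) > 6 else "rejected (alert)"
    if reply[0] == 0x16 and len(reply) >= 11 and reply[5] == 0x02:  # ServerHello
        chosen = struct.unpack("!H", reply[9:11])[0]
        return "ACCEPTED" if chosen == version else "rejected (server chose 0x%04x)" % chosen
    return "unknown reply"

def probe(host, port, version, timeout=5):
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(client_hello(version))
            return classify(s.recv(4096), version)
    except OSError as exc:  # refusal, reset and timeout are reported, not hidden
        return "no ServerHello (%s)" % type(exc).__name__

def report(host, port=443):
    return {name: probe(host, port, v) for name, v in VERSIONS.items()}

if __name__ == "__main__":
    # Constructed replies (not captured from a device): an alert, then a TLS 1.0 ServerHello.
    print(classify(bytes.fromhex("15030100020246"), 0x0301))
    print(classify(bytes.fromhex("160301002a0200002603 01".replace(" ", "")) + bytes(36), 0x0301))
```

Call `report()` with the appliance's management address before and after the change; a version counts as enabled only when the server answers with a ServerHello for exactly that version. The probe covers TCP listeners such as the web interface, not the EAP-TLS settings under the Local RADIUS configuration, which are negotiated inside RADIUS.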