trymeee
Visitor III
September 23, 2024
Solved

Is there any way to disable / enable specific TLS cipher suites that I want to use for fortigate fire


For example, for TLS 1.2, I want to enable / use only these cipher suites, in this order / priority, meaning that all other TLS 1.2 cipher suites not in the list below will not be accepted / allowed. Is there any possible way to do so, and if so, how? If not, what would be the best / closest method of achieving something like this or similar? THANK YOU SO MUCH!!! I really appreciate any sort of help.

TLS1.2 Ciphers

1 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
3 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
4 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
5 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
6 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
7 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
9 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
10 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

4 replies

AEK
SuperUser
September 23, 2024

You mean for FortiGate local traffic or for SSL inspection profile?

AEK
xshkurti
Staff
Answer
September 23, 2024

@trymeee

There are some ways to do it.
First you enable either strong ciphers or weak ciphers, and then you choose which ones to use from the cipher suite:
FortiGate encryption algorithm cipher suites | FortiGate / FortiOS 7.0.0 | Fortinet Document Library
Enabling individual ciphers in the SSH administrative access protocol 7.0.2 | FortiGate / FortiOS 7.0.0 | Fortinet Document Library
Keep in mind that you have to do this for different services, like mgmt, sslvpn, ssl inspection.
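
One way to confirm that a service accepts only the suites from the question once the restriction is in place, as an added example that is not part of the original thread or of Fortinet's documentation. The function names are hypothetical, `host` and `port` are whatever listener on your own appliance you are checking, and it assumes Python 3.9+ linked against OpenSSL 1.1.0 or later.

```python
import socket
import ssl

# TLS 1.2 allowlist copied from the question (IANA names, poster's priority order).
ALLOWLIST = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
]

def iana_to_openssl(name):
    """Map TLS_<kx>_WITH_AES_<bits>_<mode>_<mac> (IANA) to the OpenSSL suite name."""
    kx, cipher = name.removeprefix("TLS_").split("_WITH_")
    alg, bits, mode, mac = cipher.split("_")
    mode_part = "" if mode == "CBC" else "-" + mode  # OpenSSL names omit "CBC"
    return f"{kx.replace('_', '-')}-{alg}{bits}{mode_part}-{mac}"

def accepts(host, port, openssl_name, timeout=5.0):
    """True if host:port completes a TLS 1.2 handshake when offered only this suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # negotiation test only; identity is not checked
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        # SECLEVEL=0 so the local policy does not hide weak suites the server takes.
        ctx.set_ciphers(f"{openssl_name}:@SECLEVEL=0")
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return tls.cipher()[0] == openssl_name
    except OSError:  # includes ssl.SSLError: refused, reset or handshake failure
        return False

def audit(accepted, allowlist=ALLOWLIST):
    """Compare accepted OpenSSL suite names against the allowlist."""
    wanted = [iana_to_openssl(n) for n in allowlist]
    return {"unexpected": sorted(set(accepted) - set(wanted)),  # should be empty
            "missing": [w for w in wanted if w not in accepted]}

def scan(host, port):
    """Offer every pre-TLS-1.3 suite the local OpenSSL knows, one at a time."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("ALL:@SECLEVEL=0")
    names = [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]
    return audit([n for n in names if accepts(host, port, n)])
```

Run `scan` once per listener, since each service is restricted separately. It reports which suites are accepted, not the order in which the server prefers them.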

 

trymeee
Author
Visitor III
September 30, 2024

Thanks to all who helped, I think for now I am satisfied with the answers I have found.

 

xshkurti
Staff
October 1, 2024

Hi @trymeee
Thanks for the feedback.

Can you mark my answer as a solution so other guys that might require the same information have it easier to find this post?

Thanks