Skip to main content
KondoTakumi
KondoTakumi
Explorer
April 28, 2025
Question

SSL-VPN Tunnel Mode Support with FortiClient in FortiOS 7.6.3 and Beyond

  • April 28, 2025
  • 2 replies
  • 2826 views

Hello,

After reviewing the release notes for FortiOS 7.6.3, I noticed that SSL-VPN Tunnel Mode is no longer supported.
Does this mean that all users who rely on FortiClient will need to migrate to IPSec?
I still do not fully understand the differences between SSL-VPN Web Mode and Tunnel Mode, so I would also appreciate a brief explanation of these.

Additionally, I have an environment where I need to continue using SSL-VPN for the next two years.
Would it be safe to continue operating with an earlier version of FortiOS (7.6.2 or below) that still supports SSL-VPN functionality?

I would appreciate any responses or insights from the community.

(Please note that this translation was generated by AI, so I apologize for any mistakes in advance.)

2 replies

kaman
Staff
kaman
Staff
April 28, 2025

Hi KondoTakumi,

Starting from FortiOS 7.6.3, SSL VPN tunnel mode is no longer supported. All existing configurations related to SSL VPN tunnel mode, including associated firewall policies, are not upgraded from previous versions to FortiOS 7.6.3.


To ensure uninterrupted remote access, you must migrate your SSL VPN tunnel mode configuration to IPsec VPN before upgrading to FortiOS 7.6.3.


Please refer to the document below on IPsec and SSL VPN comparison:


https://docs.fortinet.com/document/fortigate/7.6.0/new-features/155142/migration-from-ssl-vpn-tunnel-mode-to-ipsec-vpn-7-6-3%20Migration%20from%20SSL%20VPN%20tunnel%20mode%20to%20IPsec%20VPN%207.6.3%20%7C%20New%20Features


If you have found a solution, please like and accept it to make it easily accessible to others.


Regards,
Aman

    ametkola
    Staff
    ametkola
    Staff
    April 28, 2025

    Hi @KondoTakumi ,

     

    Regarding your queries, yes as explained above the SSL VPN is no longer support from v7.6.3 and onward. As a working scenario Fortinet published a documentation to migrate to IPsec dialup >>https://docs.fortinet.com/document/fortigate/7.6.0/ssl-vpn-to-ipsec-vpn-migration/140089/fortios-ssl-vpn-to-dial-up-vpn-migration 

     

    The differences on SSL VPN web mode and tunnel mode : 

    Web-mode - allows you to connect without a proprietary vpn client (forticlient), however you are limited to a number of protocols you can use - eg (http/s;telnet;ssh;rdp;etc)

     

    Tunnel mode - can vpn any kind of traffic, but requires you to have a forticlient installation.

     

    In case in your environment is required to keep the SSL VPN running for the next 2 years than you can consider remain on v7.6.2 but make sure to check the release notes and the support until there.

     

    Regards,

     

     

     

     

      Terms & ConditionsAccessibility statement