Description PCI compliance reports feature an issue called 'HTTP Security Header not detected', with a sub-section on the X-Content-Type-Options HTTP header on the FortiOS web administration interface (usually on port 443).
X-Content-Type-Options: This HTTP header prevents attacks based on MIME-type mismatch. The only possible value is 'nosniff'. If the server returns 'X-Content-Type-Options: nosniff' in the response, the browser will refuse to load styles and scripts that have an incorrect MIME type.
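The behaviour described above, as an added example that is not Fortinet code: it parses a raw HTTP response head, checks the header the compliance report looks for, and models the block decision for script and style loads following the WHATWG Fetch rule. The function names and the two sample responses are constructed for illustration.

```python
# Added example: how a browser that honours nosniff decides to block a response.
# Sample responses are constructed; function names are illustrative.

# JavaScript MIME types as listed in the WHATWG MIME Sniffing standard.
JS_TYPES = {
    "application/ecmascript", "application/javascript",
    "application/x-ecmascript", "application/x-javascript",
    "text/ecmascript", "text/javascript", "text/jscript",
    "text/livescript", "text/x-ecmascript", "text/x-javascript",
} | {f"text/javascript1.{n}" for n in range(6)}


def parse_headers(raw):
    """Return {lower-case name: value} from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def nosniff_set(headers):
    """True when the first X-Content-Type-Options value is 'nosniff'."""
    value = headers.get("x-content-type-options", "")
    return value.split(",")[0].strip().lower() == "nosniff"


def nosniff_blocks(headers, destination):
    """True when nosniff makes the browser refuse a 'script' or 'style' load."""
    if not nosniff_set(headers):
        return False
    essence = headers.get("content-type", "").split(";")[0].strip().lower()
    if destination == "script":
        return essence not in JS_TYPES
    if destination == "style":
        return essence != "text/css"
    return False


# Constructed responses: the header present, and the header missing.
WITH_HEADER = ("HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\n"
               "X-Content-Type-Options: nosniff\r\n\r\nvar x = 1;")
WITHOUT_HEADER = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nvar x = 1;"

if __name__ == "__main__":
    for label, raw in (("with", WITH_HEADER), ("without", WITHOUT_HEADER)):
        h = parse_headers(raw)
        print(label, nosniff_set(h), nosniff_blocks(h, "script"))
```

A `False` from `nosniff_set` on the management interface's response corresponds to the 'not detected' finding in the compliance report.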
Based on the test described in , MIME sniffing is only possible on old versions of the Internet Explorer browser; since FortiOS officially only supports modern Edge, Firefox, Chrome and Safari browsers, the risk is nonexistent in practice.
Scope FortiOS web administration interface.
Solution Avoid using Internet Explorer to access the FortiOS administration interface and always keep the browser up to date.