The BEAST attack is only applicable to TLS 1.0 with cipher suites using CBC mode. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected (for example, RC4 128).
The problem is essentially a client side issue, and all major web browsers (Firefox, Chrome, MSIE) have updated versions available for download, which fix this issue. However, even though it's a client side problem, the FortiOS firmware version 4.0 MR3 Patch 3 and higher, and the FortiOS firmware 5.0 has a counter measure for this attack (by using a method of sending empty fragments), if CBC cipher suites are used. Despite this counter measure, several customers using FortiOS firmware 4.0 MR3 Patch 3 and higher, and FortiOS version 5.0, have reported PCI audit failure, as the audit software indicated that a FortiGate unit, running these firmware versions, was detected as vulnerable to the BEAST attack.
If a FortiGate unit running FortiOS 4.0 MR3 Patch 3 and higher, or FortiOS 5.0 is detected to be vulnerable to the BEAST attack by a PCI audit software, it's almost certainly a false positive. The PCI scan probably simply checks, if the server will respond to SSL 3.0 or TLS 1.0. This test however is only sufficient to determine if a device might be vulnerable, but can not confirm with certainty, if the device is vulnerable. To identify, if the particular machine is really vulnerable to the BEAST attack, the PCI scan must check for empty fragments. If it can detect them, then the machine being tested is not vulnerable, if it does not detect them, then the machine is vulnerable.
FortiOS firmware version 4.0 MR3 Patch 3 and higher, and FortiOS version 5.0, uses empty fragments to protect from the BEAST attack.