Created on 04-18-2021 10:56 PM Edited on 10-27-2023 02:20 AM By Jean-Philippe_P
Description
This article describes how to enable HSTS for the admin login page.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS).
The lack of HSTS allows downgrade attacks and SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Scope
From version 6.2.6.
Solution
From the CLI:
config system global
    set admin-hsts-max-age <value>    <----- Range 0 - 2147483647.
end
Note.
Verification.
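One way to check the result from a client, as an added example that is not Fortinet's own verification procedure: the script below parses the Strict-Transport-Security header of an HTTPS response according to RFC 6797 and reports whether HSTS is actually being enforced. The function names, the expected_max_age parameter and the sample responses are assumptions made for this example.

```python
import re

MAX_AGE_LIMIT = 2147483647  # top of the admin-hsts-max-age range given above

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # RFC 6797 grammar permits empty directives
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form, e.g. max-age="300"
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg
    return directives

def check_admin_hsts(headers, expected_max_age=None):
    """Return (ok, reason) for one HTTPS response's headers, given as a dict."""
    values = [v for k, v in headers.items() if k.lower() == "strict-transport-security"]
    if not values:
        return False, "header missing"
    try:
        age = parse_hsts(values[0]).get("max-age", "")
    except ValueError as exc:
        return False, str(exc)
    if not re.fullmatch(r"[0-9]+", age):
        return False, "max-age missing or not numeric"
    age = int(age)
    if age == 0:
        return False, "max-age=0 makes the browser drop its HSTS entry"
    if age > MAX_AGE_LIMIT:
        return False, "max-age above configurable range"
    if expected_max_age is not None and age != expected_max_age:
        return False, "max-age=%d, expected %d" % (age, expected_max_age)
    return True, "max-age=%d" % age

# Constructed sample responses (not captured from a real device).
SAMPLES = {
    "enabled": {"Strict-Transport-Security": "max-age=31536000"},
    "not enforced": {"Content-Type": "text/html"},
    "reset": {"strict-transport-security": "max-age=0"},
    "malformed": {"Strict-Transport-Security": "max-age=60; max-age=120"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, check_admin_hsts(hdrs, expected_max_age=31536000))
```

Pass it the response headers of the admin login page over HTTPS, with expected_max_age set to the value configured in admin-hsts-max-age.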