FortiGate
sthapa
Staff
Article Id 197803

Description

 

This article describes how to block lower TLS versions for pass-through traffic.

Solution

 

It is possible to block the lower TLS versions (TLS 1.0 and TLS 1.1) for pass-through traffic using an application control profile.

  • Enable an application control profile.
  • Add an Application Overrides signature by selecting '+ Create New'.

 
  • Then select the 'SSL_TLSv1.0' and 'SSL_TLSv1.1' signatures, select 'OK', and set the action to 'Block'.
 
 
  • Use this application profile in the IPv4 policy to block TLS 1.0 and TLS 1.1 traffic.
  • Make sure to use 'Proxy-based' Inspection Mode; otherwise, it will not work.
 
 
Go to Log & Report -> Application Control and check the logs.
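
The same log check can be run offline on exported logs. The following is an added example, not part of the original article or Fortinet tooling: it tallies application control entries for the two signatures named above and flags any that were not blocked, which points to a policy that does not use the profile. The sample log lines are constructed, and the key=value field names (subtype, app, action, srcip, dstip, policyid) are assumed to match the device's log export.

```python
import re
from collections import Counter

# Signature names taken from the article.
LEGACY_TLS_APPS = {"SSL_TLSv1.0", "SSL_TLSv1.1"}

# Matches key=value and key="quoted value" pairs.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOGS = """\
date=2024-01-10 time=09:15:02 type="utm" subtype="app-ctrl" srcip=10.0.0.21 dstip=203.0.113.10 dstport=443 policyid=5 app="SSL_TLSv1.0" action="block"
date=2024-01-10 time=09:15:09 type="utm" subtype="app-ctrl" srcip=10.0.0.21 dstip=203.0.113.10 dstport=443 policyid=5 app="SSL_TLSv1.0" action="block"
date=2024-01-10 time=09:16:40 type="utm" subtype="app-ctrl" srcip=10.0.0.34 dstip=198.51.100.7 dstport=443 policyid=5 app="SSL_TLSv1.1" action="block"
date=2024-01-10 time=09:17:12 type="utm" subtype="app-ctrl" srcip=10.0.0.50 dstip=198.51.100.7 dstport=443 policyid=5 app="HTTPS.BROWSER" action="pass"
date=2024-01-10 time=09:18:55 type="utm" subtype="app-ctrl" srcip=10.0.0.77 dstip=192.0.2.44 dstport=443 policyid=9 app="SSL_TLSv1.0" action="pass"
"""

def parse_line(line):
    """Turn one key=value log line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}

def legacy_tls_report(log_text):
    """Return (blocked, not_blocked) for TLS 1.0/1.1 application control hits.

    blocked:     Counter keyed by (srcip, dstip, app)
    not_blocked: list of (srcip, dstip, app, policyid) that matched a legacy
                 TLS signature but were logged with an action other than block
    """
    blocked, not_blocked = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "app-ctrl" or rec.get("app") not in LEGACY_TLS_APPS:
            continue
        if rec.get("action") == "block":
            blocked[(rec.get("srcip"), rec.get("dstip"), rec["app"])] += 1
        else:
            not_blocked.append((rec.get("srcip"), rec.get("dstip"),
                                rec["app"], rec.get("policyid")))
    return blocked, not_blocked

if __name__ == "__main__":
    blocked, not_blocked = legacy_tls_report(SAMPLE_LOGS)
    for (src, dst, app), n in blocked.most_common():
        print(f"blocked  {app}  {src} -> {dst}  x{n}")
    for src, dst, app, pol in not_blocked:
        print(f"NOT BLOCKED  {app}  {src} -> {dst}  policy {pol}")
```

Clients listed under blocked are the ones still negotiating TLS 1.0 or 1.1 and need an upgrade; entries under NOT BLOCKED identify the policy to review.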

 
