Oscar_Wee
Staff
Article Id 422800
Description
This article describes the steps to temporarily disable mTLS via the CLI.
Scope
All FortiGates.
Solution

Enter the following commands in the CLI to disable mTLS (Mutual Transport Layer Security) authentication on the FortiGate:

config authentication scheme
    edit "mtls"
        set method cert
        set user-cert disable
    next
end

config authentication rule
    edit "mtls"
        unset active-auth-method
    next
end

config authentication setting
    unset user-cert-ca
end

Disabling mTLS authentication means clients no longer need to present a client certificate to connect, so the FortiGate no longer verifies client identity by certificate. Ensure the change is consistent with the security standards of the organization.
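
Because the change is meant to be temporary, a configuration backup can be checked for the three settings the commands above alter. The following Python script is an added example, not Fortinet code: the names parse_config, mtls_findings and SAMPLE are its own, and it assumes a non-VDOM backup excerpt in which a key missing from the backup means the setting is not configured.

```python
import shlex

SAMPLE = '''config authentication scheme
    edit "mtls"
        set method cert
        set user-cert disable
    next
end
config authentication rule
    edit "mtls"
    next
end
config authentication setting
end
'''  # constructed backup excerpt: the state the commands above leave behind

def parse_config(text):
    """Return {section: {entry: {key: [values]}}}; entry is "" outside edit blocks."""
    tree, section, entry, depth = {}, None, "", 0
    for line in text.splitlines():
        try:
            tok = shlex.split(line) + ["", ""]   # pad so tok[0] and tok[1] always exist
        except ValueError:                       # multi-line quoted value, skip the line
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:                       # nested config blocks are not recorded
                section, entry = " ".join(tok[1:-2]), ""
                tree.setdefault(section, {"": {}})
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and tok[0] in ("edit", "next"):
            entry = tok[1] if tok[0] == "edit" else ""
            tree[section].setdefault(entry, {})
        elif depth == 1 and tok[0] == "set":
            tree[section][entry][tok[1]] = tok[2:-2]
    return tree

def mtls_findings(text):
    cfg, out = parse_config(text), []   # out: places where client certs are not enforced
    for name, s in cfg.get("authentication scheme", {}).items():
        if "cert" in s.get("method", []) and s.get("user-cert") != ["enable"]:
            out.append(f"scheme {name}: user-cert not enabled")
    for name, r in cfg.get("authentication rule", {}).items():
        if name and "active-auth-method" not in r:
            out.append(f"rule {name}: no active-auth-method")
    if "user-cert-ca" not in cfg.get("authentication setting", {}).get("", {}):
        out.append("setting: user-cert-ca not set")
    return out
```

Calling mtls_findings(SAMPLE) returns one finding per changed setting; an empty list means all three are back in place.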