Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mattchow_FTNT
Staff
Staff

Created on ‎01-05-2023 12:05 AM Edited on ‎01-05-2023 01:16 AM By Community Manager

Article Id 242057

Technical Tip: How to verify that transport layer security version 1 is disabled for administrative access

Description The article describes how to verify TLS 1.0 is disabled in the FortiGate administrative access.
Scope FortiGate.
Solution

If there is a security scanning tool try to scan FortiGate interface IP, it is possible to capture the packet by running command below:

 

# diagnose sniffer packet any "host <ip address>" 6 0 

 

<ip address> is the scanning tool's IP address.

 

Convert the output into .pcap format, and apply the filter using 'tls.record.version == 0x0301'.

It will be possible to observe that the FortiGate replies the TLSv1 with 'Alert' in 'Info' column on SSL handshakes as shown in the screenshot below:

mattchow_FTNT_2-1672902865920.png
312
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.