FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 242057
Description The article describes how to verify TLS 1.0 is disabled in the FortiGate administrative access.
Scope FortiGate.

If there is a security scanning tool try to scan FortiGate interface IP, it is possible to capture the packet by running command below:


# diagnose sniffer packet any "host <ip address>" 6 0 


<ip address> is the scanning tool's IP address.


Convert the output into .pcap format, and apply the filter using 'tls.record.version == 0x0301'.

It will be possible to observe that the FortiGate replies the TLSv1 with 'Alert' in 'Info' column on SSL handshakes as shown in the screenshot below: