Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Rosalyn
Staff
Staff

Created on ‎01-02-2020 01:27 AM Edited on ‎10-26-2024 07:49 AM By Moderator

Article Id 196330

Technical Tip: Modify the TLS version for the FortiGate GUI access

Description


This article describes how to change the TLS version via CLI when accessing the GUI.

Solution


By default, TLS 1.1 and TLS 1.2 are enabled when accessing to the FortiGate GUI via a web browser.


To verify what version is enabled:

 

config system global

    show full-config | grep 'min-proto'

end 

 

The output screenshot below is an example from version 7.2.8 firmware: 

 

kb1.png

 

if VDOMs are enabled, enter this again:

 

config system global 

 

get | grep 'min-proto'

 

To change this setting from the CLI:

 

config system global
    set admin-https-ssl-versions (shift + ?) <- To list the available TLS version.

tlsv1-0 TLS 1.0.
tlsv1-1 TLS 1.1.
tlsv1-2 TLS 1.2.
set admin-https-ssl-versions tlsv1-2 <- With this setting, only TLS 1.2 is allowed.

end

 

From FortiOS 6.4, tlsv1-0 is no longer supported and instead, tlsv1-3 was introduced:

 

config system global

set admin-https-ssl-versions 
tlsv1-1 TLS 1.1.
tlsv1-2 TLS 1.2.
tlsv1-3 TLS 1.3.

 

Related articles:

109042
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.