AmmaIsha
Staff
Article Id 359125

Description

This article describes which FortiGate desktop models have SSL VPN available in each firmware version.

Scope

Certain FortiGate F series desktop models. All FortiGate G series desktop models.

 

Larger FortiGate platforms (model numbers 100 and above) are not affected. VM platforms are not affected.

Solution

In v7.6.0 and later, the SSL VPN feature is removed for several F series desktop models. In most firmware versions, SSL VPN is not available for G series desktop models.

The following F series models have SSL VPN removed in v7.6.0 and later:

  • FortiGate 40F.
  • FortiWiFi 40F.
  • FortiGate 40F-3G4G.
  • FortiWiFi 40F-3G4G.
  • FortiGate 60F/61F.
  • FortiWiFi 60F/61F.
  • FortiGate Rugged 60F.
  • FortiGate Rugged 60F-3G4G.


The above models have SSL VPN available in v7.4 and earlier firmware. When upgrading to v7.6 and later, a warning is shown, and SSL VPN is removed after the upgrade.

Future v7.2 and v7.4 releases are not expected to remove SSL VPN for F series models.

 

The following F series models do support SSL VPN in v7.6.0 and later, as well as in earlier firmware:

  • FortiGate 70F/71F.
  • FortiGate Rugged 70F and all variants (3G4G).
  • FortiGate 80F/81F and all variants (DSL, POE, Bypass, etc.).
  • FortiWiFi 80F/81F-2R and all variants (3G4G, POE, DSL, etc.).
  • All other F series models 100F and higher.


G series SSL VPN support:

 

FortiGate 12xG and higher, as well as VM models, support the SSL VPN feature, which is available in all firmware versions.

G series Desktop models such as FortiGate 30G and variants, FortiGate 5xG and variants, FG7xG and variants, and FortiGate 9xG* do not support the SSL VPN feature.

 

*In some 'G' series desktop models on earlier firmware versions, the SSL VPN feature may still work but is not supported. The feature is not available on these platforms starting in FortiOS versions v7.0.16, v7.2.11, v7.4.7, and v7.6.1.

It is strongly recommended to migrate to another remote access method such as Dialup IPsec, because upgrading to later firmware will remove the feature. Additional services such as FortiConverter Service and FortiClient Best Practice Service (BPS) also offer support for migrating from SSL VPN to IPsec VPN.

 

A Special Notice stating that the SSL VPN feature is not retained after the upgrade appears in the release notes; see, for example, the v7.0.16 Release Notes.


Verifying if SSL VPN is configurable:


To verify if the feature is available on an existing device's current firmware, check the configuration file for a 'config vpn ssl settings' section, or log in as super_admin and check manually. If SSL VPN is not available, the following show command will fail.

 

FortiGate-91G # show vpn ssl settings

command parse error before 'settings'
Command fail. Return code -61

FortiGate-91G #

 

If the configuration section does exist but SSL VPN does not show in the GUI, verify whether it has been made visible in the GUI by following this document: Update SSL VPN default behavior and visibility in the GUI.
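
As an added example (not Fortinet's code and not part of the original article), the Python below applies the model and firmware lists from this article to a planned upgrade and checks a configuration backup for the 'config vpn ssl settings' section, tracking nested config/end blocks. The function names, status strings, exact-match model names and the sample backup are assumptions made for illustration.

```python
import re

# F series desktop models this page lists as losing SSL VPN in v7.6.0 and later.
F_REMOVED = {
    "FortiGate 40F", "FortiWiFi 40F", "FortiGate 40F-3G4G", "FortiWiFi 40F-3G4G",
    "FortiGate 60F", "FortiGate 61F", "FortiWiFi 60F", "FortiWiFi 61F",
    "FortiGate Rugged 60F", "FortiGate Rugged 60F-3G4G",
}
G_DESKTOP = re.compile(r"\b(30|5\d|7\d|9\d)G\b")  # 30G, 5xG, 7xG, 9xG desktops
G_CUTOFF = {(7, 0): 16, (7, 2): 11, (7, 4): 7, (7, 6): 1}  # first patch without it

def removal_status(model, target):
    """Classify SSL VPN on `model` at target firmware, e.g. 'v7.6.1'."""
    major, minor, patch = (int(p) for p in target.lstrip("v").split("."))
    if model in F_REMOVED:
        return "removed" if (major, minor) >= (7, 6) else "available"
    if G_DESKTOP.search(model):
        if (major, minor) not in G_CUTOFF:
            return "unknown"  # branch not covered by the page
        return "removed" if patch >= G_CUTOFF[(major, minor)] else "unsupported"
    return "not-listed"  # model is not in the page's affected lists

def ssl_vpn_section(config_text):
    """Return the lines inside 'config vpn ssl settings', or None if absent."""
    body, depth = [], 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config vpn ssl settings":
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1  # nested table inside the section
        elif line == "end":
            depth -= 1
            if depth == 0:
                return body
        body.append(line)
    return body if depth else None  # truncated backup: keep what was read

def pre_upgrade_check(model, target, config_text):
    """Return (status, section_present, needs_migration)."""
    status = removal_status(model, target)
    present = ssl_vpn_section(config_text) is not None
    return status, present, present and status in ("removed", "unsupported")

# Constructed sample backup (not from a real device).
SAMPLE = ("config system global\nend\nconfig vpn ssl settings\n    set port 10443\n"
          "    config authentication-rule\n        edit 1\n        next\n    end\nend\n")
```

Calling pre_upgrade_check("FortiWiFi 40F", "v7.6.0", SAMPLE) reports that the section is present and the target firmware removes it, which is the case where migration to IPsec must be completed before upgrading.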