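To add TLS 1.3 to a virtual server profile, use the following commands from the CLI. Setting both ssl-min-version and ssl-max-version to tls-1.3, as shown below, means only TLS 1.3 is negotiated, so clients that support only TLS 1.2 or earlier will not be able to connect.
# config firewall ssl-server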
edit "1"
set ip 172.16.200.99
set port 443
set ssl-mode half
set add-header-x-forwarded-proto enable
set url-rewrite disable
set mapped-port 80
set ssl-cert "Fortinet_CA_SSL"
set ssl-dh-bits 2048
set ssl-algorithm high
set ssl-client-renegotiation allow
set ssl-min-version tls-1.3 <----- Add TLS 1.3 (lowest version accepted).
set ssl-max-version tls-1.3 <----- Add TLS 1.3 (highest version accepted).
set ssl-send-empty-frags enable
next
end
# config firewall vip
edit "1"
set id 0
set uuid ba50ae56-8c64-51e9-956c-860a475e69c5
set comment ''
set type server-load-balance
set extip 0.0.0.0
set extintf ''
set arp-reply enable
set server-type https
set nat-source-vip disable
set gratuitous-arp-interval 0
set http-ip-header disable
set ssl-client-rekey-count 0
set ssl-hpkp disable
set ssl-hsts disable
set color 0
set ldb-method static
set persistence none
set extport 443
set http-multiplex disable
set outlook-web-access disable
set weblogic-server disable
set websphere-server disable
set ssl-mode half
set ssl-certificate ''
set ssl-dh-bits 2048
set ssl-algorithm high
set ssl-pfs require
set ssl-min-version tls-1.3 <----- Add TLS 1.3 (lowest version accepted).
set ssl-max-version tls-1.3 <----- Add TLS 1.3 (highest version accepted).
set ssl-send-empty-frags enable
set ssl-client-fallback enable
set ssl-client-renegotiation secure
set ssl-client-session-state-type both
set ssl-client-session-state-timeout 30
set ssl-client-session-state-max 1000
set ssl-http-location-conversion disable
set max-embryonic-connections 1000
next
end