Description
This article describes how to change the TLS version for the incoming listening ports TCP/8888, TCP/8890, TCP/8891 and TCP/8900 in FortiManager and FortiAnalyzer (if applicable).
TCP/8888 : For FortiGate Web Filter queries, AV & IPS updates.
TCP/8890 : For FortiGate Registration for license validation and UTM updates (AV, IPS).
TCP/8891 : FortiManager listens to FortiGuard for FortiClient AV/IPS database and Web Filter database updates.
TCP/8900 : For FortiGate FortiGuard Web Filter and Email Filter.
Applies only when FortiManager is acting as a local FortiGuard server.
https://docs.fortinet.com/document/fortimanager/7.0.0/fortimanager-ports/465971/incoming-ports
Scope
Solution
By default, all of these listening ports are set to TLSv1.2. To change them to a different TLS version, use the CLI as follows. The example below is based on version 7.0.
# config fmupdate fds-settin
Note: fds-ssl-protocol is the SSL protocol version for receiving FortiGate connections (default = tlsv1.2).
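One way to confirm the setting from another host, as an added example that is not part of the original article or of Fortinet's tooling: the script attempts a handshake pinned to each TLS version against the four ports listed above and reports which versions each listener accepts. The function names, version labels and result strings are assumptions of this example.

```python
import socket
import ssl
import sys

# Listening ports named in the article.
FDS_PORTS = (8888, 8890, 8891, 8900)

# Labels chosen for this example, mapped to the versions Python can pin.
VERSIONS = {
    "tlsv1.0": ssl.TLSVersion.TLSv1,
    "tlsv1.1": ssl.TLSVersion.TLSv1_1,
    "tlsv1.2": ssl.TLSVersion.TLSv1_2,
    "tlsv1.3": ssl.TLSVersion.TLSv1_3,
}


def pinned_context(version):
    """Client context that offers exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only protocol negotiation is tested, so certificate checks are off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port, version, timeout=3.0):
    """Return 'accepted', 'rejected' (handshake failed) or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with pinned_context(version).wrap_socket(sock, server_hostname=host):
            return "accepted"
    except (ssl.SSLError, OSError):
        return "rejected"
    finally:
        sock.close()


def audit(host, ports=FDS_PORTS):
    """Map each port to {version label: probe result}."""
    return {p: {n: probe(host, p, v) for n, v in VERSIONS.items()} for p in ports}


if __name__ == "__main__":
    for port, results in audit(sys.argv[1]).items():
        print(port, results)
```

A "rejected" result can also mean the local OpenSSL build refuses to offer that version (common for TLS 1.0 and 1.1), so run the check from a host whose OpenSSL policy allows the versions being tested.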
Copyright 2024 Fortinet, Inc. All Rights Reserved.