Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
yitoo_FTNT
Staff
Staff

Created on ‎09-17-2024 06:13 AM Edited on ‎08-26-2025 01:39 AM By Community Manager

Article Id 341886

Technical Tip: Disable TLS 1.0 and 1.1 in FortiWeb Reverse Proxy mode

Description

 

This article describes how to disable TLS 1.0 and TLS 1.1 in reverse proxy mode.

 

Scope

 

FortiWeb.

 

Solution

 

In a Reverse Proxy, it is possible to disable TLS 1.0 and TLS 1.1 in the server policy and Server pool.

 

To disable TLS 1.0 and TLS 1.1 in the server policy, follow these steps:

 

  1. Go to Server-policy -> Advanced SSL setting -> SSL connection settings.
  2. Disable TLS 1.0 and 1.1.

DISABLE in SERVER-policy.png

 

To disable TLS 1.0 and TLS 1.1 in the Server -> Server pool, follow these steps:

  1. Select the Server pool for which it is desired to disable TLS 1.0 and TLS 1.1.
  2. Edit the Server-pool rule.
  3. Under Advanced SSL setting -> SSL connection settings, disable TLS 1.0 and 1.1. This setting is only visible when enabling SSL in the server pool.
                                                                      

DISABLE in SERVER-pool.png

 

From CLI:

 

config server-policy policy

    edit <Policy name>

        set tls-v10 disable

        set tls-v11 disable

        end

1381
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.