Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

About VAPT on fortigate

- Case closed -



Anyone had encounter the VAPT for fortigate even the hardening checklist had been completed using the CIS benchmark? How to solve this issue is listed below.

Foritgate is using 7.0.11.


Example like:

Vul Finding

"Weak SSL Cipher Suites Supported
The remote host supports the use of SSL/TLS ciphers that offer weak encryption, weak key exchange and weak hash algorithms.


Weak Encryption
AES with CBC


Weak Key Exchange


Weak Hash Algorithm


Vulnerable OpenSSH Version

The installed version of OpenSSH is affected by multiple vulnerabilities

- logic error
- out-of-bouns read
- double-free memory fault
- fail open permission list
- one-byte overflow
- double free in error path
- integer overflow
- improper group inheritance
- exploitation of low-privilege code
- double-free memory corruption
- CVE-2020-14871
- integer overflow
- memory side-channel attack
- CVE-2019-6111
- zero-length files creation

Contributor II

Vulnerability Assessment and Penetration Testing (VAPT) can be a complex process, and it's not uncommon to encounter vulnerabilities even after completing a hardening checklist. It's important to remember that hardening checklists are just one aspect of a comprehensive security strategy, and they may not cover all possible vulnerabilities.


To address any vulnerabilities discovered during a VAPT assessment, there are a few steps you can take:


1. Identify the vulnerabilities: The first step is to identify the specific vulnerabilities that were discovered during the assessment. This will help you prioritize which vulnerabilities to address first.


2. Determine the severity: Once you've identified the vulnerabilities, you need to determine their severity. This will help you determine how critical each vulnerability is and how quickly it needs to be addressed.


3. Develop a plan: Based on the severity of the vulnerabilities, you should develop a plan for addressing them. This may involve patching or updating the Fortigate software, adjusting your firewall rules, or implementing additional security controls.


4. Test the fixes: Before implementing any fixes, it's important to test them in a controlled environment to ensure they don't cause any unintended consequences.


5. Monitor for future vulnerabilities: VAPT assessments should be an ongoing process, so it's important to monitor your Fortigate firewall for future vulnerabilities and address them as soon as they are discovered.


It's also worth noting that Fortinet provides regular security updates and advisories, so it's important to stay up-to-date with these and apply any relevant updates as soon as possible.

Thanks & Regards,
Faizal Emam
Thanks & Regards,Faizal Emam

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors