Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Bognad
New Contributor

Created on ‎12-09-2020 02:00 AM

FortiGate-60E Low-Encryption Unable to Access FortiGate WebUI from HTTPS, HTTP only

Hello!

I have FortiGate-60E Low-Encryption

https://kb.fortinet.com/kb/documentLink.do?externalID=FD37333

 

I have error:

This site can’t provide a secure connection

fortigate.local uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH Hide details Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite.       I saw https://forum.fortinet.com/tm.aspx?m=104586 Is FortiGate-60E Low-Encryption support https WebGUI?
Preview file
37 KB
20556
0 Kudos
2 Solutions
emnoc
Esteemed Contributor III
In response to Bognad

Created on ‎12-11-2020 11:31 AM

Guys, I'm sure the LENC models need a 40/56bit browser, hence LENC support. You need to test with a 40bit browser. Any thing modern is NOT going todo  40/56 bit encryption.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
18202
0 Kudos
Yurisk
SuperUser
SuperUser
In response to Bognad

Created on ‎12-14-2020 02:43 AM

Sounds like exercise in frustration - you have to find browser of the Windows XP SP2 era, but then all the HTML5/Javascript of the Fortigate GUI stuff  will not work/work partially with it. 

So the short answer - no, with LENC you don't have HTTPS for management, just HTTP or SSH .

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.

View solution in original post

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
18202
0 Kudos
13 REPLIES 13
Toshi_Esumi
SuperUser
SuperUser

Created on ‎12-09-2020 11:12 AM

It's saying "mismatch" between your client device and the FGT. It's NOT saying the FGT doesn't support the encryption level your device is requiring. Go to CLI under "config system global" then "get | grep admin-https-ssl". You should get like below:

  fg50e-utm (global) # get | grep admin-https-ssl   admin-https-ssl-versions: tlsv1-1 tlsv1-2 tlsv1-3 Then you need to make sure that the browser's supported TLS versions would overlap with them. Each browser would have different way to do the settings, which you need to figure out for your browser.

13576
0 Kudos
Bognad
New Contributor
In response to Toshi_Esumi

Created on ‎12-11-2020 09:29 AM

toshiesumi wrote:

It's saying "mismatch" between your client device and the FGT. It's NOT saying the FGT doesn't support the encryption level your device is requiring. Go to CLI under "config system global" then "get | grep admin-https-ssl". You should get like below:

  fg50e-utm (global) # get | grep admin-https-ssl admin-https-ssl-versions: tlsv1-1 tlsv1-2 tlsv1-3 Then you need to make sure that the browser's supported TLS versions would overlap with them. Each browser would have different way to do the settings, which you need to figure out for your browser.

Many thanks for the prompt reply!

I have tried different browsers, they are support tls all versions.

A have tried enable all ssl options:

 

 

Preview file
25 KB
13576
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Bognad

Created on ‎12-11-2020 09:37 AM

I don't think so. You can check if LENC or not with one of methods in the KB:

https://kb.fortinet.com/k....do?externalID=FD37333

13576
0 Kudos
Bognad
New Contributor
In response to Toshi_Esumi

Created on ‎12-11-2020 09:44 AM

toshiesumi wrote:

I don't think so. You can check if LENC or not with one of methods in the KB:

https://kb.fortinet.com/k....do?externalID=FD37333

Yes i have LENC=Low Encryption.

Do LENC devices have not https GUI ?

13576
0 Kudos
Bognad
New Contributor
In response to Bognad

Created on ‎12-11-2020 09:37 AM

 unfortunately, i can attach one file...

 

I Have tried different version tls: 1-2...:

Preview file
6 KB
13576
0 Kudos
Bognad
New Contributor
In response to Bognad

Created on ‎12-11-2020 09:38 AM

 

 

 I think, fortigate has no ciphers support (bcz Low-Encryption version).

Fortigate's  answer "Handshake Failure":

 

 

Preview file
110 KB
13576
0 Kudos
emnoc
Esteemed Contributor III
In response to Bognad

Created on ‎12-11-2020 11:31 AM

Guys, I'm sure the LENC models need a 40/56bit browser, hence LENC support. You need to test with a 40bit browser. Any thing modern is NOT going todo  40/56 bit encryption.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
18203
0 Kudos
Bognad
New Contributor
In response to emnoc

Created on ‎12-14-2020 02:31 AM

emnoc wrote:

Guys, I'm sure the LENC models need a 40/56bit browser, hence LENC support. You need to test with a 40bit browser. Any thing modern is NOT going todo  40/56 bit encryption.

 

Ken Felix

 

Thank you!

But, 56-bit DES encryption is now obsolete, having been replaced as a standard in 2002. Firefox 1 supports 56-bit DES, but does not support WebGUI.

 

13576
0 Kudos
Yurisk
SuperUser
SuperUser
In response to Bognad

Created on ‎12-14-2020 02:43 AM

Sounds like exercise in frustration - you have to find browser of the Windows XP SP2 era, but then all the HTML5/Javascript of the Fortigate GUI stuff  will not work/work partially with it. 

So the short answer - no, with LENC you don't have HTTPS for management, just HTTP or SSH .

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
18203
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.