Hello!
I have FortiGate-60E Low-Encryption
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37333
I have error:
fortigate.local uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH Hide details Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite. I saw https://forum.fortinet.com/tm.aspx?m=104586 Is FortiGate-60E Low-Encryption support https WebGUI?Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Guys, I'm sure the LENC models need a 40/56bit browser, hence LENC support. You need to test with a 40bit browser. Any thing modern is NOT going todo 40/56 bit encryption.
Ken Felix
PCNSE
NSE
StrongSwan
Sounds like exercise in frustration - you have to find browser of the Windows XP SP2 era, but then all the HTML5/Javascript of the Fortigate GUI stuff will not work/work partially with it.
So the short answer - no, with LENC you don't have HTTPS for management, just HTTP or SSH .
It's saying "mismatch" between your client device and the FGT. It's NOT saying the FGT doesn't support the encryption level your device is requiring. Go to CLI under "config system global" then "get | grep admin-https-ssl". You should get like below:
fg50e-utm (global) # get | grep admin-https-ssl admin-https-ssl-versions: tlsv1-1 tlsv1-2 tlsv1-3 Then you need to make sure that the browser's supported TLS versions would overlap with them. Each browser would have different way to do the settings, which you need to figure out for your browser.
toshiesumi wrote:It's saying "mismatch" between your client device and the FGT. It's NOT saying the FGT doesn't support the encryption level your device is requiring. Go to CLI under "config system global" then "get | grep admin-https-ssl". You should get like below:
fg50e-utm (global) # get | grep admin-https-ssl admin-https-ssl-versions: tlsv1-1 tlsv1-2 tlsv1-3 Then you need to make sure that the browser's supported TLS versions would overlap with them. Each browser would have different way to do the settings, which you need to figure out for your browser.
Many thanks for the prompt reply!
I have tried different browsers, they are support tls all versions.
A have tried enable all ssl options:
I don't think so. You can check if LENC or not with one of methods in the KB:
toshiesumi wrote:Yes i have LENC=Low Encryption.I don't think so. You can check if LENC or not with one of methods in the KB:
https://kb.fortinet.com/k....do?externalID=FD37333
Do LENC devices have not https GUI ?
Guys, I'm sure the LENC models need a 40/56bit browser, hence LENC support. You need to test with a 40bit browser. Any thing modern is NOT going todo 40/56 bit encryption.
Ken Felix
PCNSE
NSE
StrongSwan
emnoc wrote:Guys, I'm sure the LENC models need a 40/56bit browser, hence LENC support. You need to test with a 40bit browser. Any thing modern is NOT going todo 40/56 bit encryption.
Ken Felix
Thank you!
But, 56-bit DES encryption is now obsolete, having been replaced as a standard in 2002. Firefox 1 supports 56-bit DES, but does not support WebGUI.
Sounds like exercise in frustration - you have to find browser of the Windows XP SP2 era, but then all the HTML5/Javascript of the Fortigate GUI stuff will not work/work partially with it.
So the short answer - no, with LENC you don't have HTTPS for management, just HTTP or SSH .
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.