Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
trymeee
New Contributor

Created on ‎09-23-2024 01:33 AM Edited on ‎09-29-2024 08:54 PM

Is there anyway to disable / enable specific TLS cipher suites that I want to use for fortigate fire

For example, for TLS 1.2, i want to enable / use only these cipher suites and in order / priority. Meaning that all other TLS1.2 not in the list below, will not be accepted / allowed. Is there any possible way to do so, if so how? If not, what would be the best / closest method in achieving something like this or similar. THANK YOU SO MUCH!!! I really appreciate any sort of help.

TLS1.2 Ciphers

1 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
3 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
4 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
5 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
6 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
7 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
9 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
10 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

 

 

 

 

Labels:
862
0 Kudos
1 Solution
xshkurti
Staff
Staff

Created on ‎09-23-2024 02:01 AM

@trymeee 

 

There are some ways to do it.
First you enable if you want strong cyphers or weak cyphers, and then you choose which one to use from cypher suite:
FortiGate encryption algorithm cipher suites | FortiGate / FortiOS 7.0.0 | Fortinet Document Library
Enabling individual ciphers in the SSH administrative access protocol 7.0.2 | FortiGate / FortiOS 7....
Keep in mind that you have to do this for different services, like mgmt, sslvpn, ssl inspection.

 

View solution in original post

836
4 REPLIES 4
AEK
SuperUser
SuperUser

Created on ‎09-23-2024 02:01 AM

You mean for FortiGate local traffic or for SSL inspection profile?

AEK
AEK
838
xshkurti
Staff
Staff

Created on ‎09-23-2024 02:01 AM

@trymeee 

 

There are some ways to do it.
First you enable if you want strong cyphers or weak cyphers, and then you choose which one to use from cypher suite:
FortiGate encryption algorithm cipher suites | FortiGate / FortiOS 7.0.0 | Fortinet Document Library
Enabling individual ciphers in the SSH administrative access protocol 7.0.2 | FortiGate / FortiOS 7....
Keep in mind that you have to do this for different services, like mgmt, sslvpn, ssl inspection.

 

837
trymeee
New Contributor

Created on ‎09-29-2024 08:55 PM

Thanks for all who helped, I think for now I am satisfied with the answers I have found.

 

650
xshkurti
Staff
Staff

Created on ‎10-01-2024 03:03 AM

Hi @trymeee 
Thanks for the feedback.

 

Can you mark my answer as a solution so other guys that might require the same information, have it easier to find this post?

 

Thanks

 

617
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.