trymeee
New Contributor

Is there any way to disable / enable specific TLS cipher suites that I want to use for fortigate fire

For example, for TLS 1.2, I want to enable / use only these cipher suites and in order / priority. Meaning that all other TLS1.2 not in the list below, will not be accepted / allowed. Is there any possible way to do so, if so how? If not, what would be the best / closest method in achieving something like this or similar. THANK YOU SO MUCH!!! I really appreciate any sort of help.

TLS1.2 Ciphers

1 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
3 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
4 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
5 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
6 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
7 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
9 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
10 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

1 Solution
xshkurti
Staff

@trymeee

There are some ways to do it.
First you enable if you want strong ciphers or weak ciphers, and then you choose which one to use from cipher suite:
FortiGate encryption algorithm cipher suites | FortiGate / FortiOS 7.0.0 | Fortinet Document Library
Enabling individual ciphers in the SSH administrative access protocol 7.0.2 | FortiGate / FortiOS 7....
Keep in mind that you have to do this for different services, like mgmt, sslvpn, ssl inspection.
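Because the setting has to be repeated per service, it is worth checking each listener afterwards. The following is an added example, not part of the original thread and not Fortinet code: it probes a TLS listener one suite at a time with Python's `ssl` module and reports anything accepted outside the list in the question. The function names and the address in the usage comment are this example's own assumptions; it checks acceptance only, not the server's preference order.

```python
import socket
import ssl

# Allow list from the question (IANA names, in the poster's priority order).
ALLOWED_IANA = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
]

def iana_to_openssl(name):
    """Map an IANA AES suite name (the forms listed above) to OpenSSL's name."""
    kx_auth, sep, rest = name.partition("_WITH_")
    parts = rest.split("_")  # e.g. ["AES", "256", "CBC", "SHA256"]
    if not (name.startswith("TLS_") and sep and len(parts) == 4
            and parts[0] == "AES" and parts[2] in ("GCM", "CBC")):
        raise ValueError(f"unsupported suite form: {name}")
    mode = "-GCM" if parts[2] == "GCM" else ""  # OpenSSL leaves CBC implicit
    return f"{kx_auth[4:].replace('_', '-')}-AES{parts[1]}{mode}-{parts[3]}"

def accepts(host, port, suite, timeout=5.0):
    """True if host:port completes a TLS 1.2 handshake offering only `suite`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # auditing cipher policy, not the certificate
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(suite)  # raises ssl.SSLError if local OpenSSL lacks it
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
        except (ssl.SSLError, ConnectionError):  # handshake refused
            return False

def scan(host, port):
    """Probe every pre-TLS 1.3 suite the local OpenSSL offers by default."""
    offered = ssl.create_default_context().get_ciphers()
    names = [c["name"] for c in offered if c["protocol"] != "TLSv1.3"]
    return [n for n in names if accepts(host, port, n)]

def audit(accepted, allowed_iana=ALLOWED_IANA):
    """Compare accepted suites (OpenSSL names) with the allow list."""
    allowed = [iana_to_openssl(n) for n in allowed_iana]
    return {"unexpected": sorted(set(accepted) - set(allowed)),  # must be disabled
            "missing": [s for s in allowed if s not in accepted]}  # allowed, refused

# Usage against a device you administer (constructed address):
# print(audit(scan("192.0.2.1", 443)))
```

The scan can only offer suites that the local OpenSSL build enables by default, so an empty "unexpected" list means none of those were accepted, not that no other suite is.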

4 Replies
AEK
SuperUser

You mean for FortiGate local traffic or for SSL inspection profile?

AEK

trymeee
New Contributor

Thanks for all who helped, I think for now I am satisfied with the answers I have found.

xshkurti
Staff

Hi @trymeee
Thanks for the feedback.

Can you mark my answer as a solution so other guys that might require the same information, have it easier to find this post?

Thanks