This is the full config I configured for one of our customers; see below.
Note: when you type config vpn ssl settings and then type sh full, you will see all settings of the section.
Note 2: they use FortiClient 4.0.2308.
config vpn ssl settings
    set sslvpn-enable enable
    set sslv3 disable
    set tlsv1-0 disable
    set tlsv1-1 enable
    set tlsv1-2 enable
    set dns-server1 10.101.100.53
    set dns-server2 10.101.100.54
    set route-source-interface disable
    set reqclientcert disable
    set sslv2 disable
    set allow-ssl-big-buffer disable
    set allow-ssl-insert-empty-fragment enable
    set allow-ssl-client-renegotiation disable
    set force-two-factor-auth disable
    set force-utf8-login disable
    set servercert "Fortinet_CA_SSLProxy"
    set algorithm default
    set idle-timeout 300
    set auth-timeout 28800
    set tunnel-ip-pools "sslvpn-pool_192.168.200.0"
    set dns-suffix ''
    set wins-server1 0.0.0.0
I had a similar problem, resolved as follows on the Windows client stations:
1) I identified that access to the link https://<ip-address>:10443 was not working in Internet Explorer, but the test in Firefox worked;
2) I then checked the advanced settings for Internet Explorer and activated the option to use TLS 1.2;
3) I performed the test again with the SSLVPN client and it started to work.
Hope this helps.
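Added example (not part of either post above, and not Fortinet code): a small Python audit of the protocol lines in a "config vpn ssl settings" block, showing which versions the portal offers, which of them are deprecated, and whether a client with a given set of enabled versions can negotiate at all. The client version sets are hypothetical, and a keyword missing from the pasted text is treated as not enabled, which is an assumption rather than a FortiOS default.

```python
import re

# Constructed sample: the protocol lines from the config posted above.
SAMPLE = """\
config vpn ssl settings
    set sslvpn-enable enable
    set sslv3 disable
    set tlsv1-0 disable
    set tlsv1-1 enable
    set tlsv1-2 enable
    set sslv2 disable
"""

# FortiOS keyword -> protocol name, oldest first.
PROTOCOLS = [("sslv2", "SSL 2.0"), ("sslv3", "SSL 3.0"), ("tlsv1-0", "TLS 1.0"),
             ("tlsv1-1", "TLS 1.1"), ("tlsv1-2", "TLS 1.2")]
# SSL 2.0/3.0 and TLS 1.0/1.1 are deprecated (RFC 6176, RFC 7568, RFC 8996).
DEPRECATED = {"SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1"}

def parse_settings(text):
    """Return {keyword: value} for every 'set <keyword> <value>' line."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*set\s+(\S+)\s+(.*\S)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip("\"'")
    return settings

def enabled_protocols(settings):
    # Assumption: a keyword absent from the pasted text counts as not enabled.
    return [name for key, name in PROTOCOLS if settings.get(key) == "enable"]

def weak_protocols(settings):
    return [p for p in enabled_protocols(settings) if p in DEPRECATED]

def negotiated(settings, client_versions):
    """Highest version both sides enable, or None if the handshake cannot succeed."""
    common = [p for p in enabled_protocols(settings) if p in client_versions]
    return common[-1] if common else None

if __name__ == "__main__":
    cfg = parse_settings(SAMPLE)
    print("offered:", enabled_protocols(cfg))
    print("deprecated but enabled:", weak_protocols(cfg))
    # Hypothetical client with only SSL 3.0 and TLS 1.0 ticked, then with TLS 1.2 added.
    print(negotiated(cfg, {"SSL 3.0", "TLS 1.0"}))
    print(negotiated(cfg, {"SSL 3.0", "TLS 1.0", "TLS 1.2"}))
```

A result of None from negotiated() corresponds to the symptom described in the second post: the client has no protocol version in common with the portal until TLS 1.2 is enabled on it.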