Hi. I have had an open ticket with Fortinet support on this forever, it would seem, and I'm not getting very far, so I am putting this out to anyone with a FortiGate who is PCI DSS compliant. Our security ASV detects TLS 1.0 on port 25 of our FortiGate (a 200E). I have had this problem for years, originally with a FortiGate 110C, and was told that upgrading to 5.4.x would resolve it. Our 110C did not support 5.4.x, so we bought a 200E, now running 5.4.5, and it still hasn't been fixed. If we don't use deep scanning on the port, traffic goes straight through to the Exchange server, where TLS 1.0 has been disabled, so it isn't a problem. If we use deep scanning for the anti-virus, however, it fails, so it is definitely the FortiGate at issue. I have been told to try a load balance server, but we only use port 25 for SMTP. There is no "TCPS" option on the load balance server; the only protocol which works in the LB server is TCP, and this doesn't allow protocol choosing.
So, how have you got PCI DSS compliant with SMTP and TLS through your FortiGates?
Note: TLS 1.0 has been successfully blocked on all other ports/protocols; it is just SMTP/TLS left unresolved.
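A verification script, added here as an example and not taken from the poster or from Fortinet: `starttls_accepts()` pins an SMTP STARTTLS handshake to one TLS version so the same port can be re-checked with deep inspection on and off to see which hop answers TLS 1.0, and `negotiated_tls_version()` shows the ServerHello parsing an ASV relies on when it reports the negotiated protocol. The host and port are assumptions and the ServerHello bytes are constructed, not captured.

```python
import smtplib
import ssl

TLS_NAMES = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
             0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


def negotiated_tls_version(record: bytes) -> str:
    """Return the protocol version a ServerHello TLS record actually negotiates.

    TLS 1.0-1.2 carry the version in the ServerHello body; TLS 1.3 leaves
    0x0303 there and signals 1.3 through the supported_versions extension.
    """
    if record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    version = int.from_bytes(record[9:11], "big")
    pos = 11 + 32                       # skip the 32-byte server random
    pos += 1 + record[pos]              # length-prefixed session_id
    pos += 2 + 1                        # cipher suite + compression method
    if pos < len(record):               # extensions block is optional
        ext_end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= ext_end:
            ext_type = int.from_bytes(record[pos:pos + 2], "big")
            ext_len = int.from_bytes(record[pos + 2:pos + 4], "big")
            if ext_type == 0x002B and ext_len == 2:   # supported_versions
                version = int.from_bytes(record[pos + 4:pos + 6], "big")
            pos += 4 + ext_len
    return TLS_NAMES.get(version, f"unknown 0x{version:04x}")


def make_server_hello(version: int, supported_versions=None) -> bytes:
    """Build a minimal ServerHello record (constructed sample data, not a capture)."""
    body = version.to_bytes(2, "big") + b"\x00" * 32 + b"\x00"  # random, empty session_id
    body += b"\x00\x2f" + b"\x00"       # one cipher suite, null compression
    if supported_versions is not None:
        ext = b"\x00\x2b\x00\x02" + supported_versions.to_bytes(2, "big")
        body += len(ext).to_bytes(2, "big") + ext
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + version.to_bytes(2, "big") + len(handshake).to_bytes(2, "big") + handshake


def starttls_accepts(host: str, port: int, version: ssl.TLSVersion) -> bool:
    """Live check: does the SMTP endpoint complete STARTTLS when pinned to one TLS version?"""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE          # we test the protocol version, not the cert
        ctx.minimum_version = ctx.maximum_version = version
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")   # let OpenSSL 3 offer legacy suites at all
        with smtplib.SMTP(host, port, timeout=10) as smtp:
            smtp.ehlo()
            smtp.starttls(context=ctx)
            return True
    except (ValueError, ssl.SSLError, smtplib.SMTPException, OSError):
        return False
```

Calling `starttls_accepts("mail.example.com", 25, ssl.TLSVersion.TLSv1)` (placeholder host) returning True with inspection enabled and False with it disabled reproduces the ASV finding against the inspecting hop.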
Copyright 2024 Fortinet, Inc. All Rights Reserved.