The Root reasons for Disabling SSL VPN Functionality on Specific Devices

BruceLiu · ‎01-14-2025

Dear Team,
According to the article "Technical Tip: Special Notice for low end units (<2Gb RAM) upgrading to FortiOS 7.4.4 and 7.6.0," or "SSL VPN not supported on FortiGate 90G series models" We understand that FortiGate units with less than 2GB RAM will lose SSL VPN functionality, including the security posture check supported by SSL VPN, when upgrading to newer versions. I would like to inquire about the core reason for this. Will larger models of FortiGate also face this dilemma in the future? Additionally, if larger models also gradually do not support SSL VPN along with the security posture check, what would be the alternative solution?
Regards,
Bruce Liu

AEK · ‎01-15-2025

Hi Bruce

In addition to Minarik's response, I think one of the main reasons for which SSL-VPN is not recommended anymore is that historically there were many critical and high vulnerabilities discovered on SSL-VPN, which just makes it statistically unsafe even if they were patched each time.

You can check here.

https://www.fortiguard.com/search?q=ssl-vpn&engine=1&type=psirt

On the other hand, if I understand well your last question, yes there are third party products that can connect with FortiGate through SSL-VPN (like fortisslvpn plugin) and through IPsec VPN (like strongSwan).

AEK

The Root reasons for Disabling SSL VPN Functionality on Specific Devices

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website