Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortinetforumfiokom
New Contributor II

What it is in SSL log, Event Subtype "unallowed-version"

HI, 

In a policy I turned on ssl deep inspection on HTTPS, LAN to WAN.

In the security events logs\ssl I found this BLOCK logs entries. Microsoft address, what could be the problem? 

What is meant in event subtype: unallowed-version?

 

ssl.png

 

Thanks

   

 

 

 

3 REPLIES 3
AEK
SuperUser
SuperUser

Hello

Which FortiOS version?

Can you share the following output?

config firewall ssl-ssh-profile
edit deep_insp_1
config ssl
show full | grep min
end
config https
show full | grep min
end

 

AEK
AEK
fortinetforumfiokom

Hi @AEK ,

Fortigate 201F 7.4.3  build 2573

 

FG201F (utibvd) # config firewall ssl-ssh-profile

FG201F (ssl-ssh-profile) # edit deep_insp_1

FG201F (deep_insp_1) # config ssl

FG201F (ssl) # show full-configuration | grep min

FG201F (ssl) # end

FG201F (deep_insp_1) # config https

FG201F (https) # show full-configuration | grep min
set min-allowed-ssl-version tls-1.1

FG201F (https) # end

FG201F (deep_insp_1) #

pminarik
Staff
Staff

Szia!

As AEK suggested, on the face of it it looks like the client is attempting to establish an SSL/TLS session using an SSL/TLS version that is configured as unsupported/blocked.

 

If you would like to confirm whether this result is valid and not a mistake, you will need to take a packet capture sample of this traffic, and then inspect it in wireshark to find out if there's anything that would trigger such action.

[ corrections always welcome ]
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors