Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aagrafi
Contributor II

Deactivate unnecessary ciphers

Hello,

It it possible to deactivate from a FortiGate the unnecessary ciphers? For example, if the preferred ciphers are AES-256, AES-192, is it possible to deactivate all the others?

 

This requirements is coming from an external consultant who did an audit to our FortiGates and suggested this as security hardening.

 

Thanks

Andreas

1 REPLY 1
aagrafi
Contributor II

 

config vpn ssl settings   set algorithm <cipher_suite> end

 

where one of the following variables replaces <cipher_suite>:   low Use any cipher suite; AES, 3DES, RC4, or DES.   medium Use a 128-bit or greater cipher suite; AES, 3DES, or RC4.   high Use a ciper suite grather than 128 bits; AES or 3DES.