For When You Can't Have The Real Thing
[ start | index | login ]
start > FortiOS > 5.6 > SSL Security Settings

SSL Security Settings

Created by dave. Last edited by dave, 4 years and 310 days ago. Viewed 1,403 times. #3
[diff] [history] [edit] [rdf]


Standard configuration for (more) secure crypto


config sys global
  set admin-https-ssl-versions tlsv1-2
  set fds-statistics disable
  set strong-crypto enable

For each vDom with SSLVPN active in it:

config vpn ssl setting
  set algorithm high
  set banned-cypher 3DES AESGCM CAMELLIA
  set tlsv1-0 disable
  set tlsv1-1 disable


  • set strong-crypto enable appears to be a default in 5.6
  • set fds-statistics isn't about crypto, but FortiNet recommends turning it off.
no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful: | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt