
SSL Security Settings

Created by dave. Last edited by dave, 4 years and 247 days ago. Viewed 1,356 times. #3
(2019-03-13)

Problem

Standard configuration for (more) secure crypto

Solution

config system global
  set admin-https-ssl-versions tlsv1-2
  set fds-statistics disable
  set strong-crypto enable
end

For each VDOM with SSL VPN active in it:

config vpn ssl settings
  set algorithm high
  set banned-cipher 3DES AESGCM CAMELLIA
  set tlsv1-0 disable
  set tlsv1-1 disable
end

Notes:

  • set strong-crypto enable appears to be a default in 5.6
  • set fds-statistics isn't about crypto, but Fortinet recommends turning it off.
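
An added example, not part of the original page: a Python check that reads a saved configuration backup and compares it, per VDOM, with the settings listed above. It assumes the backup leaves out settings that are still at their defaults (reported as unset) and uses the multi-VDOM layout of the constructed sample; the function names are illustrative.

```python
EXPECTED = {  # target values from this page, as sets (value order is irrelevant)
    "system global": {"admin-https-ssl-versions": {"tlsv1-2"},
                      "fds-statistics": {"disable"}, "strong-crypto": {"enable"}},
    "vpn ssl settings": {"algorithm": {"high"}, "tlsv1-0": {"disable"}, "tlsv1-1": {"disable"},
                         "banned-cipher": {"3DES", "AESGCM", "CAMELLIA"}},
}

def parse(text):
    """Map each nested config/edit path to the values of its 'set' lines."""
    stack, blocks = [], {}
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:]).strip('"')))
            blocks.setdefault(tuple(stack), {})
        elif tok[0] == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif tok[0] == "end":  # also closes an 'edit' left open (assumed VDOM section layout)
            while stack and stack.pop()[0] != "config":
                pass
        elif tok[0] == "set" and len(tok) > 1 and stack:
            blocks[tuple(stack)][tok[1]] = set(tok[2:])
    return blocks

def audit(text):
    """Yield (vdom, block, key, status); vdom is '-' outside 'config vdom'."""
    for path, settings in parse(text).items():
        if path[-1][0] != "config" or path[-1][1] not in EXPECTED:
            continue
        vdom = path[1][1] if path[0] == ("config", "vdom") and len(path) > 2 else "-"
        for key, want in EXPECTED[path[-1][1]].items():
            found = settings.get(key)  # None: absent from the backup (assumed to mean default)
            status = "unset" if found is None else "ok" if found == want else "mismatch"
            yield vdom, path[-1][1], key, status

# Constructed sample in multi-VDOM backup layout, not taken from a real device.
SAMPLE = """config global
config system global
set admin-https-ssl-versions tlsv1-1 tlsv1-2
end
end
config vdom
edit root
config vpn ssl settings
set banned-cipher CAMELLIA 3DES AESGCM
end
end"""

if __name__ == "__main__":
    print("\n".join("\t".join(row) for row in audit(SAMPLE)))
```

An unset result only says the value is not in the file; confirm the effective value on the device with show full-configuration.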