For When You Can't Have The Real Thing
[ start | index | login ]
start > FortiOS > 5 > Poodle


Created by dave. Last edited by dave, 2 years and 189 days ago. Viewed 1,210 times. #3
[diff] [history] [edit] [rdf]

Poodle fixes for 5.0 and 5.2 firmwares:

config system global  
    set strong-crypto enable  

config vpn ssl settings set sslv3 disable end

Note that for rancid access of a firewall configured in this way you have to explicitly select a secure cypher suite:

add cyphertype  fw-fortinet.domain.local     aes256-ctr,aes128-ctr
no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful: | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt