修改Fortinet TLS version for the FortiGate GUI access

因公司自行架設greenbone 來進行所有對外線路申請的固定IP進行簡易的掃瞄，來檢視是否已經的資安問題。

掃描結果有出現一個中度風險

It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.

Solution: Solution type: Mitigation It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.

大致是因為我的fortient WAN web console 還沒有將TLS 1.1關閉，所以才有此風險

處理的方式 可以參考 forti 提供的說明

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Modify-the-TLS-version-for-the-FortiGate-GUI/ta-p/196330

如果forti 有請用ssl vpn 則可以參考下列說明調整

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-control-the-SSL-version-and-cipher-suite/ta-p/191437

本篇瀏覽人數: 516