Hello Community.
I’m configuring FortiGate-VM firewall, but I can’t find my SSL settings.
Is it related to the license, or is it because it is a virtual firewall? In FortiGuard I can’t find any license specific to SSL.
Unable to see SSL VPN and IPsec options u… - Fortinet Community
Needs to be enabled in Feature Visibility, SSL VPN is slowly being phased out.
Depending on the code version there is a setting in the CLI that enables sslvpn…
However, as mentioned, Fortinet and most of the industry is moving away from sslvpn due to all the vulnerabilities because they all use the OpenSSL libraries in their code, and that’s where most of the vulnerabilities are coming from. IPsec and ZTNA will be the path forward. I’ve stopped recommending sslvpn for a while now, IPsec is a lot more stable and forgiving with poor connections.
config system settings
set gui-sslvpn enable
end
Why? Is IPsec more secure?
Btw I don’t have SSL VPN in features
I solved my issue using the command below, thank you
config system settings
set gui-sslvpn enable
end
There have been a LOT of vulnerabilities in SSL VPN (with all vendors, not just Fortinet) due to the large and complex custom code base. IPsec VPN and ZTNA use a lot less custom code and thus have a smaller attack surface.
If you have the option and you’re building new, I’d suggest looking at IPsec remote access VPN or ZTNA as preferences over a fresh SSL VPN implementation. They’re mostly on parity in terms of feature set, and if you’re using IPsec you have throughput and security benefits with the option of using custom ports, like TCP/443 to circumvent port restrictions on public networks/hotspots, etc.
What’s your FortiGate model and OS version? It is getting phased out on desktop models (30-90) on v7.6, with G-series having it removed before.
It’s been covered quite a bit on this subreddit. e.g.
https://www.reddit.com/r/fortinet/comments/1h6hdma/sslvpn_gone_on_90g_running_761/
EDIT: sorry, multitasking and missed the “VM” part. I don’t think the VMs are supposed to lose SSLVPN, afaik. Still might be useful to give your software version though - easier to check for known issues
Okay I understand, thank you
Just to add, I believe some of the vulnerabilities prior have been caused by open source libraries as well, so not just Fortinet custom code to blame.
No worries, it’s FortiGate VM-64 KVM v7.4.7 | 4cpu