Maximum TLS/SSL version compatibility
The tables below indicate the maximum supported TLS version that you can configure for communication between a FortiGate and a FortiAnalyzer, as well as between FortiAnalyzer units configured with log forwarding when the type is FortiAnalyzer.
For more information on secure log transfer and log integrity settings between FortiGate and FortiAnalyzer, see Appendix B - Log Integrity and Secure Log Transfer.
Maximum configurable TLS version for FortiGate to FortiAnalyzer communication:
| | FAZ 6.4.0+ | FAZ 6.2.0+ | FAZ 6.0.0+ |
|---|---|---|---|
| FGT 6.4.0+ | tlsv1.3 | tlsv1.2 | tlsv1.2 |
| FGT 6.2.3 – 6.2.8 | tlsv1.3 | tlsv1.2 | tlsv1.2 |
| FGT 6.2.0 – 6.2.2 | tlsv1.2 | tlsv1.2 | tlsv1.2 |
| FGT 6.0.2 – 6.0.12 | tlsv1.2 | tlsv1.2 | tlsv1.2 |
| FGT 6.0.0 – 6.0.1 | This setting is not configurable in FGT 6.0.0 – 6.0.1. | This setting is not configurable in FGT 6.0.0 – 6.0.1. | This setting is not configurable in FGT 6.0.0 – 6.0.1. |
Maximum configurable TLS version for FortiAnalyzer to FortiAnalyzer log forwarding:
| | FAZ 6.4.0+ | FAZ 6.2.0+ | FAZ 6.0.0+ |
|---|---|---|---|
| FAZ 6.4.0+ | tlsv1.3 | tlsv1.2 | tlsv1.2 |
| FAZ 6.2.0+ | tlsv1.2 | tlsv1.2 | tlsv1.2 |
| FAZ 6.0.0+ | tlsv1.2 | tlsv1.2 | tlsv1.2 |
To configure the global TLS/SSL version on FortiAnalyzer:
- In the FortiAnalyzer CLI, enter the following:
    config system global
        set ssl-protocol {tlsv1.3 | tlsv1.2 | tlsv1.1 | tlsv1.0 | sslv3}
    end
To configure the global TLS/SSL version on FortiGate:
- In the FortiGate CLI, enter the following:
    config system global
        set ssl-min-proto-version {tlsv1.3 | tlsv1.2 | tlsv1.1 | tlsv1.0 | sslv3}
    end