Summary
Fortinet has announced the end of support for SSL VPN on several of its older devices, a move aimed at enhancing security and ensuring compatibility with modern cryptographic standards. This termination includes FortiOS versions running on models that do not support TLS 1.2 or higher. The company cites the need to mitigate cybersecurity risks stemming from legacy encryption protocols like TLS 1.0 and 1.1, which are no longer considered secure. Fortinet has urged all users to transition to newer hardware and software that support current encryption practices.
Risks
Continuing to use SSL VPN on outdated Fortinet hardware and firmware exposes organizations to significant security risks. The primary concern is the use of deprecated TLS versions, which are vulnerable to several known attacks, such as POODLE, BEAST, and various man-in-the-middle exploits. Devices still relying on these insecure protocols can be easily targeted by attackers, putting sensitive data and network integrity at risk. Moreover, the lack of support means no future security patches or updates, leaving known vulnerabilities unaddressed.
Affected Version
Fortinet has not released a comprehensive list of exact versions affected, but the change primarily impacts older devices and FortiOS versions that only support TLS 1.0 and 1.1. Users running FortiOS versions on legacy hardware that do not meet the TLS 1.2 requirement should assume they are affected and begin transition planning immediately.
Remediation
Organizations currently using SSL VPN on Fortinet hardware that does not support TLS 1.2 should take the following steps:
1. Assess Devices: Identify and audit all Fortinet devices in use to determine which models support TLS 1.2 or higher.
2. Upgrade Hardware: Replace unsupported legacy devices with newer models that comply with modern encryption standards.
3. Update Firmware: Ensure that all devices are running FortiOS versions that support TLS 1.2 or above.
4. Transition from SSL VPN: Consider moving to Fortinet’s IPSec VPN or other secure remote access solutions as alternatives to deprecated SSL VPN setups.
Conclusion
The end of SSL VPN support on older Fortinet devices reflects a necessary step in improving cybersecurity posture across enterprise environments. With threats evolving rapidly and encryption standards tightening, organizations must proactively retire vulnerable systems. Failing to upgrade not only violates best practices but also leaves businesses exposed to potentially catastrophic breaches. By upgrading to supported devices and protocols, enterprises can safeguard their infrastructure and align with modern security frameworks.