Fortinet SSLVPN Breaks After SSL/TLS Security Patch
Last Updated: 2/10/12
Per Customer Support Bulletin CSB-120117-1:
Description of Issue:
After installing a Microsoft security update, users may no longer be able to connect to the SSLVPN
portal on a FortiGate. This issue has been reported by users running Internet Explorer, Firefox 10.0
and Chrome browsers.
Microsoft released an update to resolve a vulnerability found in SSL 3.0 and TLS 1.0; this is
referenced in Microsoft Security Bulletin MS12-006. This vulnerability could allow an attacker to
intercept encrypted traffic.
The change of behavior introduced with the Microsoft patch has resulted in an incompatibility with
the FortiOS SSLVPN implementation, resulting in the failure of some clients to connect to the SSLVPN
All FortiGate models and software versions using the SSLVPN portal feature in combination with
client workstations that are using Internet Explorer, Chrome or Firefox 10.0 browsers.
The immediate resolution for this issue is to roll back the Microsoft update as referenced in MS12-
Details of the Microsoft security bulletin can be found on the following web page:
Fortinet will produce an update to FortiOS to restore compatibility with systems that have been
updated with the Microsoft patch. A special build of software will be available "on demand" from a
Fortinet support center from Friday 20th January. The enhancement will also be included in all future
patch releases for GA release.
Work Around #1: Use a non-Internet Explorer browser that is at least one version old (ex: Firefox 9.0)
Work Around #2:
Forum threads discussing this topic: http://support.fortinet.com/forum/tm.asp?m=80256
To solve this problem, my understanding is that you must be at FortiOS version 4.2.11 or 4.3.5 or higher. All prior versions are affected and must use a work around. There is also a special release of 4.2.x that will fix the problem. Here is the exact build info: v4.0,build3118,120117 (MR2)
Keywords: Fortinet, Fortigate, MS12-006, SSLVPN, TCP reset, connection reset, Internet explorer, firefox