Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NapaCab
New Contributor

TLSv1.3 is now an approved standard how will D & E series 5.6 Fortigates deal with it?

Now that the standard has been ratified, how will the Fortigate D (CP8) and Fortigate E series (CP9) deal with TLSv1.3?

 

 

23 REPLIES 23
x_member
Contributor

Philippe_Gagne

Hi,

 

On my side, I received a IPS Engine update file from the TAC. Executed two commands in CLI and reboot the fortigate. Deep-inspection is now working well with Facebook, Gmail and all other TLS 1.3 enabled sites! 

 

I'm waiting for an answer about the file they gave me: is this file is model related or I can use it in all my Fortiges.

 

Philippe

 

bommi

Hi,

 

can you tell us the version of ipsengine you got from TAC?

 

Best Regards

Dominik

NSE 4/5/7

NSE 4/5/7
Philippe_Gagne

Hi Dominik,

 

The file name is: flen-560-3.516.pkg. So, in the Fortigate, it's named Version 3.00516. 

 

If I take a look in another 5.6.3 Fortigate, original version look like Version 3.00442.

 

I receive the confirmation from the TAC: I can install this in any models. 

 

Thanks

 

Philippe

kurtli_FTNT

Hi guys,

   Thanks for the concern on Tls1.3. But the engine 3.00516/7 is not fully ready for tls1.3 yet, our IPS team is still working on it. 

 

 

Regards

Philippe_Gagne

Hi,

 

Do you know if there is any new version/interim? Actually, the version 3.00516 is now the one deployed by Fortiguard. 

 

Thanks

 

Philippe

kurtli_FTNT

Hi Philippe,

   The latest version of IPS engine now is  3.00518.

 

 

Thanks

Philippe_Gagne

Hi,

 

Is this version (or newer) will be released soon? 

 

thanks

 

Philippe

 

romanr

Hey,

 

I doubt that only the IPS engine will bring full TLS 1.3 compatibility.... I guess Fortigate is using mostly openssl and the new librarie will need to go into the firmware...

 

Br,

Roman

Labels
Top Kudoed Authors