yes E&Y did 
a few others they punched through 
when we were using ASA we used 10443 and 443 for years DTLS to the other commenter’s post is faster but we are slow
The 90G has 8GB RAM I believe so I’m not sure why they are cutting the SSL option as soon as you upgrade to 7.6
allow IPSec over other ports
Apparently only ports 1024-65535, so still no cookie for the environments that block anything but web.
Theres also “VPN-Anonymous VPN” in the internet services database. I use ISD more often now. For inbound policies my first policy denies:
- Tor-Exit.Node
- Tor-Relay.Node
- Botnet-C&C.Server
- Malicious-Malicious.Server
- Phishing-Phishing.Server
- Proxy-Proxy.Server
- Spam-Spamming.Server
When I see alot of hits on that policy it’s led to discover a compromise is in progress!
For servers that need internet I ALWAYS use the ISD instead of static ports to “all”.
Oh, well, now I feel a little stupid for my rant. It’s mostly still true though. To be honest, we have more issues with SSL VPN excluding security than we do with IPSEC, so I think we are going to deploy IPSEC moving forward.
No. It was presented by the Fortigate product manager at Xperts. 7.6 release notes also specifies which models it is removed from in that version. What is your source?
Nope, youre’re wrong. Only the tabletop G-series ans <4GB F-series will loose SSL VPN. Tabletop 4GB F-series will still have SSL VPN under all release trains.
Same here. SSL had an advantage because you could use SAML with Azure/EntraID but that’s now also available on IPSEC (haven’t tested it yet)
This is exactly why we need Fortinet to publish something on their website. The amount of cross-information is crazy.
I’m sure lots of account managers are saying conflicting things which doesn’t help
Actual Fortinet documentation!
Thanks!, that’s most helpful