Fortinet has announced that starting from version 7.6.0, SSL VPN will no longer be supported on FortiGate models with 2GB of RAM or less. This affects both SSL VPN web and tunnel modes, which will be removed from the GUI and CLI. Affected models include FGT-40F/FWF-40F, FGT-60F/FWF-60F, FGT-61F/FWF-61F, and 2GB versions of FGR-60F.
This decision aims to optimize performance and enhance security. SSL VPN’s resource-intensive processes strain devices with limited RAM, leading to suboptimal performance. Additionally, IPsec VPN is considered more secure due to its robust encryption standards, offering better protection against cyber-attacks. By focusing on IPsec VPN, Fortinet can streamline development and support, ensuring more reliable and efficient VPN solutions.
Users of affected models are required to migrate to IPsec Dialup VPN. Fortinet has provided detailed instructions and support for this transition, which can be found in their official guide on SSL VPN to IPsec VPN Migration.
Norway’s National Cyber Security Centre also recommends replacing SSL VPN with more secure alternatives, such as IPsec VPN, citing increased security risks associated with SSL VPN. More details on their recommendations can be found here.
While only specific models are impacted initially, Fortinet has indicated that more models and versions may be added to this list in the future as they continue to optimize their product line.
Additionally, since version 7.4.4, it is possible to send IPsec traffic through TCP, providing more flexibility and reliability in different network environments. More information on this feature can be found here.
It’s also part of a trend to remove features in devices with 2GB RAM; starting from version 7.4.4, proxy-related features are no longer supported on FortiGate models with 2GB of RAM or less. here
At Pablosec, we were part of the FortiOS 7.6 beta testing and are familiar with the migration process and available options. We offer services to assist with migrating from SSL VPN to IPsec VPN, ensuring a smooth transition and continued secure remote access.
This mandatory migration highlights Fortinet’s commitment to maintaining high security and performance standards. Users should promptly verify their device specifications and begin the migration process to ensure seamless remote access. For more detailed steps on migrating to IPsec VPN, refer to Fortinet’s official resources here.
By making this transition, Fortinet aims to enhance the security and efficiency of its VPN solutions, providing users with a robust and reliable remote access option.