Disable SSLv3 on FortiGate GUI and SSL VPN

To disable SSLv3 on both the FortiGate GUI and SSL VPN you need to run the below commands via CLI. According to the FortiGuard website, the only reported compatibility issue that may follow with running the below is with IE6

For the HTTPS GUI:

config system global
set strong-crypto enable


config vpn ssl settings
set sslv3 disable


Set Port Speed for a FortiGate Virtual Switch Interface

You might come across a scenario where you have created a Virtual Switch/Hardware Switch on your FortiGate and you need to set a specific port within that switch to a different speed

In our case we had a 4 port switch, 1 of those ports connected to another appliance, the other device was set as 100mb Full – by default all of the ports on the FortiGate virtual-switch were set to auto, so this 1 port ultimately fell down to 100mb Half

Below are the steps to set a port to the correct speed within a FortiGate switch

config system virtual-switch
edit <switch name>
config port
edit <port>
set speed <speed>

Speed options:

  • auto
  • 10full
  • 10half
  • 100full
  • 100half
  • 1000full

The steps needed to set an interface speed for a port that is not in a virtual-switch are slightly different, for that you use:

config system interface
edit <port>
set speed <speed>

You can use the show command to show available ports/switches that you can edit

Within the FortiGate web console under Network > Interfaces, if you hover over the Interface image you can see the speed of a port

Fortigate Interface GUI

Fortigate Interface GUI - Port Speed