Chapter 16 SSL VPN : Basic configuration : Configuring encryption key algorithms
  
Configuring encryption key algorithms
The FortiGate unit supports a range of cryptographic cipher suites to match the capabilities of various web browsers. The web browser and the FortiGate unit negotiate a cipher suite before any information (for example, a user name and password) is transmitted over the SSL link. You can only configure encyrption key algorithms for SSL VPN in the CLI.
To configure encryption key algorithms - CLI:
Use the following CLI command,
config vpn ssl settings
set algorithm <cipher_suite>
end
where one of the following variables replaces <cipher_suite>:
Variable
Description
low
Use any cipher suite; AES, 3DES, RC4, or DES.
medium
Use a 128-bit or greater cipher suite; AES, 3DES, or RC4.
high
Use a ciper suite grather than 128 bits; AES or 3DES.
Note that the algorithm <cipher_suite> syntax is only available when the sslvpn-enable attribute is set to enable.
See Also
Route-based connection
Firewall addresses
Create an SSL VPN security policy
Create a tunnel mode security policy
Split tunnel Internet browsing policy