Configuring an SSL connection
An SSL connection can be configured between the two devices, and an encryption level selected.
Use the following CLI commands to configure the encrypted connection:
config log fortianalyzer setting
set status enable
set enc-algorithm {default* | high | low | disable}
end
The default setting automatically selects the high and medium encryption algorithms. The algorithms used for high, medium, and low follow the OpenSSL definitions:
• High - Key lengths larger than 128 bits, and some cipher suites with 128-bit keys.
Algorithms are: DHE-RSA-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:AES128-SHA
• Medium - Key strengths of 128 bit encryption.
Algorithms are: RC4-SHA:RC4-MD5:RC4-MD
• Low - Key strengths of 64 or 56 bit encryption algorithms, but excluding export cipher suites.
Algorithms are: EDH-RSA-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5
If you want to use an IPSec tunnel to connect to the FortiAnalyzer unit, you need to first disable the enc-algorithm:
config log fortianalyzer setting
set status enable
set enc-algorithm disable
Then set the IPSec encryption:
set encrypt enable
set psksecret <preshared_IPSec_tunnel_key>
end
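The following Python script is an added example, not Fortinet code: it audits a configuration backup for the enc-algorithm and IPSec settings described above. The sample configurations are constructed, the function names are hypothetical, and it assumes that a missing enc-algorithm line means the starred default value.

```python
HEADER = "config log fortianalyzer setting"

# Constructed sample configurations (not taken from a real device).
WEAK = """config log fortianalyzer setting
    set status enable
    set enc-algorithm low
end"""
IPSEC = """config log fortianalyzer setting
    set status enable
    set enc-algorithm disable
    set encrypt enable
    set psksecret <preshared_IPSec_tunnel_key>
end"""

def parse_faz_settings(config_text):
    """Return the 'set' pairs inside the FortiAnalyzer log block, or None if absent."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == HEADER:
            inside = True
        elif inside and line == "end":
            return settings
        elif inside and line.startswith("set "):
            parts = line.split(None, 2)  # 'set', key, rest of line as value
            if len(parts) == 3:
                settings[parts[1]] = parts[2]
    return settings if inside else None

def audit(settings):
    """List weaknesses in the log-transport encryption settings."""
    findings = []
    # Assumption: an absent line means the starred 'default' value.
    enc = settings.get("enc-algorithm", "default")
    if enc == "low":
        findings.append("enc-algorithm low: only 56/64-bit DES suites")
    elif enc == "default":
        findings.append("enc-algorithm default: medium (RC4) suites allowed")
    elif enc == "disable":
        if settings.get("encrypt") != "enable":
            findings.append("SSL disabled and IPSec 'encrypt' not enabled")
        elif "psksecret" not in settings:
            findings.append("IPSec 'encrypt' enabled but no psksecret set")
    elif enc != "high":
        findings.append(f"enc-algorithm {enc}: unrecognised value")
    return findings

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("IPSEC", IPSEC)):
        print(name, audit(parse_faz_settings(text)) or "no findings")
```

Only `high`, or `disable` combined with the IPSec settings, passes without a finding.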