If your FortiGate firewall has more than 2GB of RAM, then this post isn’t for you—feel free to move along. But if it has less than 2GB of RAM, you’ll want to read this before upgrading to FortiOS 7.6.
Typically, when a new release comes out, it’s packed with a list of new features and enhancements. FortiOS 7.6, however, is breaking the mold by taking something away instead. Specifically, for models with 2GB of RAM or less, the SSL VPN feature is being removed.
If you’re like many organizations, remote access VPNs are a critical part of your infrastructure, and upgrading before you’re ready can cause unneeded stress. So, what are your options if you’re running a model affected by this change?
- Upgrade to a higher RAM model: If your current firewall is on the lower end of the RAM scale, you could opt to upgrade to a more powerful model that retains the SSL VPN feature.
- Migrate to IPsec VPN: Alternatively, you can migrate to IPsec VPN for remote access. This might actually be a positive shift. While SSL VPNs, powered by OpenSSL, have a questionable track record of vulnerabilities, IPsec tends to be more robust and secure – with a lot fewer problems.
Affected models include the FortiWiFi “F” Series and FortiGate 40F, 60F, and 61F. If you want to confirm how much RAM you have, enter “diagnose hardware sysinfo conserve” in the CLI of the FortiGate interface.
Thankfully, to help with this migration, Fortinet has published a guide on moving from SSL VPN to IPsec VPN, including details on SAML (Security Assertion Markup Language).
To sum it up, if your FortiGate firewall falls into that 2GB RAM category, it’s time to make a choice. Whether you upgrade to a more powerful model or switch to the more reliable IPsec VPN, taking action now will keep your remote access running smoothly.
Remember to keep up with those release notes, folks!
Have more questions? Reach out to us by calling (502) 240-0404 or emailing info@mirazon.com! We’re proudly based in Louisville, KY, serving clients nationwide. Whether it be Managed IT Services, IT Consulting, or other forms of IT support, we’ve got you covered.