After the significant updates that have been introduced since 7.4.4 regarding proxy-based inspection, the next important announcement will be published. If you’re using a FortiGate model with 2GB of RAM or less, there’s a critical update you need to be aware of: the SSL VPN web and tunnel mode features will no longer be accessible through the GUI or CLI in FortiOS 7.6. Existing SSL VPN configurations of previous versions will not be adopted. You should therefore rethink your VPN concept if you have one of the following devices and want to switch to FortiOS 7.6.
Affected FortiGate Models
This change primarily affects the following FortiGate models:
- FGT-40F/FWF-40F
- FGT-60F/FWF-60F
- FGT-61F/FWF-61F
- FGT-50G
Additionally, no support for some new «G»-models (despite larger memory):
- FGT-70G
- FGT-90G
If you’re unsure whether your device is affected, you can easily check its RAM by entering the following command in the CLI: diagnose hardware sysinfo conserve. If the total RAM is less than 2000 MB (2 GB), your device is impacted (except for the G models mentioned). The information regarding limitations can also be found on the data sheets of the models concerned.
What Does This Mean for You?
With SSL VPN functionality being removed from these models, you’ll need to consider alternative solutions for remote access. The recommended approach is to migrate to IPsec Dialup VPN, which offers a secure and scalable way to connect remote users. However, an alternative to the SSL VPN web mode is not available. FortiGate has also published a guide to assist with this migration process, providing detailed instructions on how to configure and transition to IPsec Dialup VPN.
Planning Your Migration
While this might seem like a big change, Fortinet has resources available to help make the transition smoother. Check out their official guide on migrating from SSL VPN to IPsec VPN for step-by-step instructions and best practices.
Pro Tip: Don’t wait until the firmware update hits—start planning your migration now to ensure minimal disruption for remote users.
Staying proactive with updates to mature releases like this not only keeps your network secure but also ensures that your business can continue running smoothly without interruptions.
Stay secure!
Important Links:
FortiOS 7.6 Release Notes: https://docs.fortinet.com/document/fortigate/7.6.0/fortios-release-notes/877104/ssl-vpn-removed-from-2gb-ram-models-for-tunnel-and-web-mode
SSL VPN to IPsec VPN Migration: https://docs.fortinet.com/document/fortigate/7.6.0/ssl-vpn-to-ipsec-vpn-migration/126460/introduction
FortiGate 90G Series Data Sheet : https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-fortiwifi-90g-series.pdf
