It seems that a a recent update provided by Microsoft to fix vulnerabilities in has broken fuctionality of the SSL VPN on Fortigate devices. If you see the following error messages when browsing to the login page you may be expierencing this issue:
Internet Explorer:
Internet Explorer cannot display the webpage
Firefox:
The connection was reset
The connection to the server was reset while the page was loading.
Chrome:
No data received
Unable to load the web page because the server sent no data.
The update released by Microsoft is to fix a vulnerability in SSL 3.0 and TLS 1.0. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. More from Microsoft here
Fortinet’s customer support bulletin CSB-120117-1 refers to the issue. Custom firmware which includes a patch is available on demand from Fortinet support. . Forthcoming general releases will include this fix.
I was wondering if you have a link for the above mentioned fortinet bulletin
Hi Juliana,
I’m afraid the bulletin is only available once logged onto the support site support.fortinet.com
https://support.fortinet.com/EndUser/Bulletin.aspx
My initial investigations would suggest that this not only affects Microsoft, but Ubuntu systems as well. This would suggest it could be a general SSL security update rather than a Microsoft one. I have a few machines and older ones (before the updates) work fine, but all the newer one have the same problem, on both OS’s.
Look at the end of this page. http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/e6e8ada8-bc12-4f6f-8de3-1d3fd2ff4931
there were de bulletin, and some temporal fixes