Just more ramblings of another IT Guy

Microsoft Update breaks Fortigate SSL VPN portal

It seems that a a recent update provided by Microsoft to fix vulnerabilities in  has broken fuctionality of the SSL VPN on Fortigate devices. If you see the following error messages when browsing to the login page you may be expierencing this issue:

 

Internet Explorer:
Internet Explorer cannot display the webpage

Firefox:
The connection was reset
The connection to the server was reset while the page was loading.

Chrome:
No data received
Unable to load the web page because the server sent no data.

 

The update released by Microsoft is to fix a vulnerability in SSL 3.0 and TLS 1.0. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. More from Microsoft here

 

Fortinet’s customer support bulletin CSB-120117-1 refers to the issue. Custom firmware which includes a patch is available on demand from Fortinet support. . Forthcoming general releases will include this fix.

This entry was posted in Fortigate, Security, Windows. Bookmark the permalink.

4 Responses to Microsoft Update breaks Fortigate SSL VPN portal

  1. Juliano says:

    I was wondering if you have a link for the above mentioned fortinet bulletin

  2. Karl says:

    My initial investigations would suggest that this not only affects Microsoft, but Ubuntu systems as well. This would suggest it could be a general SSL security update rather than a Microsoft one. I have a few machines and older ones (before the updates) work fine, but all the newer one have the same problem, on both OS’s.

  3. Martin says:

    Look at the end of this page. http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/e6e8ada8-bc12-4f6f-8de3-1d3fd2ff4931

    there were de bulletin, and some temporal fixes

Leave a Reply

Your email address will not be published. Required fields are marked *