Fortinet Ends SSL-VPN Support From 7.6.3 Onwards! 

Fortinet has announced the complete removal of SSL VPN tunnel mode functionality in the upcoming FortiOS 7.6.3 release. 

This change, affecting all FortiGate models regardless of size, marks the culmination of Fortinet’s gradual phase-out of SSL VPN that began with smaller devices in previous releases. 

Organizations must now prepare to migrate to IPsec VPN solutions before upgrading to maintain remote access capabilities.

Comprehensive Removal Across All Models

Starting with FortiOS 7.6.3, the SSL VPN tunnel mode feature will be completely unavailable in both the GUI and CLI interfaces. 

Crucially, existing SSL VPN tunnel configurations will not be automatically upgraded from previous versions, meaning administrators who upgrade without preparation will lose remote access functionality.

The announcement follows Fortinet’s earlier decision to remove SSL VPN functionality from devices with 2GB RAM or less, including popular entry-level models such as the FGT-40F, FGT/FWF-60F, FGT/FWF-61F series, and certain FGR-60F variants. 

CA Demir, a cybersecurity analyst, noted that Fortinet had previously removed SSL VPN support from smaller customer premises equipment (CPEs) due to memory constraints, but this latest decision now affects all models.

Migration Path to IPsec VPN

To ensure uninterrupted remote access, Fortinet has released comprehensive migration guides for both FortiOS 7.4 and 7.6 users. The migration process involves multiple steps:

Organizations must convert both FortiGate and FortiClient configurations before upgrading to FortiOS 7.6.3. 

The migration can be performed using either the GUI, CLI, or FortiConverter service, depending on the current FortiOS version and management setup.

While tunnel mode is being eliminated, Fortinet notes that SSL VPN web mode will continue to function under a new name: “Agentless VPN”. This ensures organizations can still provide browser-based remote access without requiring client software installation.

Research indicates that breaches exploiting SSL VPN vulnerabilities disproportionately affect small and mid-sized organizations that struggle to implement timely security patches.

According to researchers, by completely removing this feature, Fortinet is helping to steer the community to a safer online experience. A hacker or bad actor cannot exploit something that no longer exists.

Organizations are strongly advised to identify any SSL VPN deployments, plan transitions to IPsec VPN, and thoroughly test configurations before upgrading to FortiOS 7.6.3 to avoid unexpected disruptions to remote work capabilities.

Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy