FortiOS / FortiMail / FortiAuthenticator by default disables SMBv1 support

Summary

Server Message Block (SMB) 1.0 - a legacy file and print sharing protocol - has been deprecated by Microsoft due to multiple weaknesses (remote code execution, downgrade, man-in-the-middle, collision and pre-image attack).

While it is only used as a client in FortiOS, as a measure of precaution SMBv1 support in FortiOS SSL-VPN and DLP is now disabled by default starting from 6.0.1 [1][2] and 5.6.6 [3] for High-End models (FortiGate 1000 series and higher models) and Virtual Machine models and can be re-enabled by applying the following CLI commands (not recommended):

[1] FortiOS 6.2 branch (6.2.0 and above):

conf vpn ssl web portal
    edit {portal-name}
        set smb-min-version smbv1 # (note: default value is "smbv2")
        set smb-max-version smbv1 # (note: default value is "smbv3")
     next
end

[2] FortiOS 6.0 branch (6.0.1 and above):
conf vpn ssl web portal
    edit {portal-name}
        set smbv1 enable # (note: default value is “disable”)
    next
end

[3] FortiOS 5.6 branch (5.6.6 and above):

config vpn ssl web portal
    edit {portal-name}
        set smb-ntlmv1-auth enable # (note: default value is “disable”)
    next
end

(For FortiOS 5.6.5 and below versions, the smb-ntlmv1-auth CLI command can not disable SMBv1 protocol support).
SMBv1 support is also disabled by default in the FortiOS FSSO fsso-polling feature starting from 6.2.0 [4] for High-End models and Virtual Machine models and can be enabled by applying the following CLI commands:

[4] FortiOS 6.2.0 branch:
config user fsso-polling
    set smbv1 {enable|*disable} # (default value is "disable")
end

For Entry-Levels and Mid-Range models, SMBv1 remains the only supported SMB protocol.

Affected Products

FortiOS High-End models and Virtual Machine models: FortiOS 6.0.0, 5.6.5 and below.
FortiOS Entry-Levels and Mid-Range models: FortiOS all versions.

At least
FortiMail version 5.3.13
At least
FortiAuthenticator 5.0 all versions

Solutions

FortiOS:

For High-End models and Virtual Machine models, upgrade to FortiOS 6.0.1, 5.6.6 or newer versions.
For Entry-Levels and Mid-Range models, starting from FortiOS 5.6.11, 6.0.7 and 6.2.1, when SMBv1 is used under the SSL VPN web portal, a warning bar will be shown to the user under login page and later pages, alerting about using a deprecated and unsafe SMBv1 protocol.
Details of FortiOS model specifications: https://www.fortinet.com/products/next-generation-firewall/models-specs.html

FortiMail:
Upgrade to FortiMal 5.4.0 or newer versions
 

FortiAuthenticator:
Upgrade to FortiAuthenticator 5.1.0 or newer versions
Revision History:
08-08-2017 Initial version
06-04-2019 New CLI commands and security warning bar introduced
08-22-2019 Update warning bar introduced branch versions.
04-20-2023 Reformatted, added missing platforms in SA body to match info table