ssanga
Staff & Editor
March 13, 2025

Technical Tip: FortiGate Displays Certificate Information When Accessed via IPSec VPN Listening Interface

Description

This article describes an issue where FortiGate certificate information is displayed when accessing the FortiGate GUI via IPSec VPN Listening Interface and port number 4500.

Scope

FortiGate v7.6.1.

Solution

When the FortiGate GUI is accessed on port 4500 through an interface configured as the underlay interface of an IPsec VPN tunnel, the web browser displays the FortiGate’s certificate. Certificate information should not be presented unless ike-saml-server is configured on the FortiGate IPsec VPN underlay interface.

config system settings
    set ike-tcp-port 4500
end

[Screenshot: Certificate_4500.PNG]

This issue has been resolved in v7.6.3.

Starting from v7.6.3, the default value of this option has changed, for new deployments only. The default is now 443 instead of 4500:

config system settings
    set ike-tcp-port 443
end

A configuration that existed before the upgrade to v7.6.3 or later retains the 4500 value after the upgrade; the change only affects new deployments.
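
The conditions described in this article can be checked against a configuration backup. The following Python code is an added example, not Fortinet code: it reports the firmware version, the effective ike-tcp-port and the IPsec underlay interfaces that have no ike-saml-server set. The sample backup is constructed, and the header layout, a single-VDOM backup and default-valued settings being absent from the backup are assumptions.

```python
import re

# Constructed sample backup, not from a real device. Assumed: single VDOM, the
# "#config-version=" header layout, and defaults being absent from the backup.
SAMPLE = '''#config-version=FGT60F-7.6.1-FW-build0000-000000:opmode=0:vdom=0:user=admin
config system interface
    edit "wan1"
    next
    edit "wan2"
        set ike-saml-server "saml-vpn"
    next
end
config system settings
    set ike-tcp-port 4500
end
config vpn ipsec phase1-interface
    edit "branch"
        set interface "wan1"
    next
    edit "remote-users"
        set interface "wan2"
    next
end
'''


def audit(text):
    """Report the effective ike-tcp-port and underlay interfaces without ike-saml-server."""
    m = re.search(r"^#config-version=.*?-(\d+)\.(\d+)\.(\d+)-", text, re.M)
    version = tuple(map(int, m.groups())) if m else None
    stack, entry, port, saml, underlay = [], None, None, set(), set()
    for words in filter(None, map(str.split, text.splitlines())):
        key, section = words[:2], stack[-1] if stack else None
        if words[0] == "config":
            stack.append(" ".join(words[1:]))  # track nested config blocks
        elif words[0] == "end" and stack:
            stack.pop()
        elif words[0] == "edit" and section == "system interface":
            entry = words[1].strip('"')
        elif key == ["set", "ike-tcp-port"] and section == "system settings":
            port = int(words[2])
        elif key == ["set", "ike-saml-server"] and section == "system interface":
            saml.add(entry)
        elif key == ["set", "interface"] and section == "vpn ipsec phase1-interface":
            underlay.add(words[2].strip('"'))
    default = 443 if version and version >= (7, 6, 3) else 4500  # per the article
    return {"version": version, "ike_tcp_port": port or default,
            "explicit": port is not None, "in_scope": version == (7, 6, 1),
            "underlay_without_saml": sorted(underlay - saml)}
```

A backup taken after upgrading to v7.6.3 or later that still reports `explicit` as true with port 4500 is the retained pre-upgrade value described above.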

Further details can be found in the following document: Changes in default values.