Troubleshooting Tip: FortiCloud SSO login blocked with 'Web Page Blocked! Attack ID: 20000021' message
| Description | This article describes why users encounter the error 'Web Page Blocked! Attack ID: 20000021' when attempting to log in to a FortiGate using FortiCloud SSO. |
| Scope | FortiGate, FortiCloud. |
| Solution | Fortinet identified a critical Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288) in the FortiCloud SSO implementation, tracked as CVE-2026-24858 under PSIRT advisory FG-IR-26-060.
To protect customers and block further exploitation, Fortinet disabled FortiCloud SSO access from vulnerable (unpatched) devices on the FortiCloud side starting January 26, 2026.
As a result, any attempt to use FortiCloud SSO to log in to a FortiGate running a vulnerable firmware version triggers the blocking mechanism, displaying the error:
This is a deliberate security measure enforced by Fortinet on the cloud side, not a local FortiGate block or user-side issue.
Upgrading the FortiGate to a fixed firmware version resolves the issue and restores access. |
