Skip to main content
Rajneesh
Staff
Rajneesh
Staff
February 9, 2026

Troubleshooting Tip: Unable to access GUI in firmware version 7.6.4 and later

  • February 9, 2026
  • 0 replies
  • 2581 views
Description This article describes the issue where FortiGate GUI access is not working in firmware version 7.6.4 and later.
Scope FortiGate.
Solution

After upgrading to firmware version 7.6.4 or later, the GUI may display an 'ERR_CONNECTION_REFUSED' error as shown in the image below:

guiiiii.png
In the below sniffer output, it can be seen that the firewall is sending the RST packet in response to the SYN (connection initiation). 

 

diagnose sniffer packet any "host 10.2.2.1 and port 443 " 4 0 l
interfaces=[any]
filters=[host 10.2.2.1 and port 443 ]
2026-02-04 14:38:20.133931 port1 in 10.2.2.1.58189 -> 10.1.1.1.443: syn 3366770127
2026-02-04 14:38:20.134024 port1 out 10.1.1.1.443 -> 10.2.2.1.58189: rst 0 ack 3366770128
2026-02-04 14:38:20.387212 port1 in 10.2.2.1.63535 -> 10.1.1.1.443: syn 3710423967
2026-02-04 14:38:20.387296 port1 out 10.1.1.1.443 -> 10.2.2.1.63535: rst 0 ack 3710423968


In FortiOS v7.6.4 and later, a new internal daemon, 'http_authd', is responsible for centralized GUI authentication and authorization. Refer to the release notes for more information Enhance administrative authentication and session monitoring 7.6.4.

Take the output below:

diagnose debug reset

diagnose debug console timestamp enable

diagnose debug application http_authd -1

diagnose debug enable

 

To stop the debugging:

 

diagnose debug disable

diagnose debug reset

Output of debug commands:

 

[http_authd 10524 - 1770282285 info] http_authd_handler_main_loop[790] -- Received "validate session" request (seq: 41672) from local (109 bytes)
[http_authd 10524 - 1770282285 info] http_authd_request_handler[612] -- ===============================================
[http_authd 10524 - 1770282285 info] authorize_trusted_request[600] -- Setting local process (Node.JS) login context.
[http_authd 10524 - 1770282285 error] authorize_trusted_request[684] -- Failed to create http_authd session for fabric trusted access from local: Failed to delete admin DB entry.
[http_authd 10524 - 1770282285 info] http_authd_request_handler[630] -- Successfully handled "validate session" request.
[http_authd 10524 - 1770282285 info] http_authd_request_handler[669] -- -----------------------------------------------
[http_authd 10524 - 1770282287 info] http_authd_cleanup_task[171] -- Failed to run GUI session DB cleanup.

 

Above debug analysis confirmed that 'http_authdis failing to create GUI sessions.

Additionally, verify the 'http_authd' session list using the command below:

 

diagnose http_authd session list
http_authd session list
[]

 

As shown above, no 'http_authd' sessions are currently being created.

Resolution:

This issue can be fixed by restarting the 'http_authd' process. To restart the process, use the methods below:

  • Find the process ID (PID) with the following command:   

 

diagnose sys process pidof http_authd

 

  • Once PID is identified, restart the process with the following command:

 

diagnose sys kill 11 <pid>

 

If multiple processes are present, the above command needs to be repeated for every PID.

 

To kill all the PIDs of the http_authd process at once, the following command can be executed: 

 

fnsysctl killall http_authd

 

If the issue is still present after restarting the http_authd, check the system event logs for malicious/brute force attempts regarding FortiGate admin login. Once confirmed, proceed to disable the HTTPS access from the public-facing interface. 

 

   config system interface
       edit <external-interface-name>
       unset allowaccess
   end

Note:

In FortiOS v7.6.6, http_authd may use high memory if multiple unauthorized attempts target a public-facing interface. The best practice is to disable HTTPS on the outside interface. If this cannot be implemented, restrict administrative access using a local‑in policy and trusted host configuration. More guidance on hardening administrative access is available here: Technical Tip: System administrator best practices for FortiGate and FortiProxy.

 

Related articles:

Troubleshooting Tip: Memory Conserve Mode after upgrading to FortiOS v7.6.6 due to large number of 'http_authd' daemons

Technical Tip: In FortiOS 7.6.4 and later, administrator web authentication is handled by the http_authd process  
      Terms & ConditionsAccessibility statement