Skip to main content
condor
condor
New Member
July 8, 2016
Solved

Cannot get access by https GUI administration (only by http)

  • July 8, 2016
  • 1 reply
  • 13063 views

 

  Hi, i cant get access by https GUI administration, but i can by http. i try with many browsers. Maybe is and SSL error with the certificate, i dont know.

 

 

I check the access configuration:

#config sys int
    edit "port2"
        set vdom "root"
        set allowaccess ping https ssh http fgfm
        set type physical
        set alias "Inside"
        set snmp-index 2

#config sys admin
    edit "sgermano"
        set remote-auth disable
        set peer-auth disable
        set trusthost1 0.0.0.0 0.0.0.0

Thanks!!

    Best answer by emnoc

    Trying searching in config sys global for the following line

     

    set admin-https-ssl-versions tlsv1-1 tlsv1-2

     

     

    eg

     

    FGT100DSOCPUPPY01 (global) # show full sys global | grep ssl-versions     set admin-https-ssl-versions tlsv1-1 tlsv1-2

     

    Probably your  browser is older or you have a TLS/SSL negotiation issue due the configured version(s).

     

    Ken

    1 reply

    emnoc
    emnocAnswer
    New Member
    July 8, 2016

    Trying searching in config sys global for the following line

     

    set admin-https-ssl-versions tlsv1-1 tlsv1-2

     

     

    eg

     

    FGT100DSOCPUPPY01 (global) # show full sys global | grep ssl-versions     set admin-https-ssl-versions tlsv1-1 tlsv1-2

     

    Probably your  browser is older or you have a TLS/SSL negotiation issue due the configured version(s).

     

    Ken

    condor
    condorAuthor
    New Member
    July 11, 2016

    Hi emnoc, exist that line on the global config:

     

    # show full | grep "set admin-https-ssl-versions"     set admin-https-ssl-versions tlsv1-1 tlsv1-2

     

    I use the same browser on other Fortigate device and work ok.

     

    Thanks.

     

    kallbrandt
    kallbrandt
    New Member
    July 11, 2016

    This is an error most likely caused by your client.

     

    Enable TLS1-1.1-1.2 (and turn off SSL v2/3!) in the advanced settings in Internet Explorer. These settings are used by Chrome also as far as I know.

    In Firefox, browse to the page "about:config" and check that "security.tls.version.min" is set to 1.

    Restart your browsers and try again.

    Terms & ConditionsAccessibility statement