zoriax
New Member
November 6, 2022
Question

FortiGate GUI not responding


Hi everyone!

I'm facing a very strange issue. I'm running FortiOS 7.0.8. On some of my FortiGates, I can't access the web GUI through the LAN interface. In my browser, I can see the certificate warning and after I accept it, the donut runs indefinitely.

If I do a packet capture during this, I can see packets transiting through my FortiGate to the web interface port.

If I go through the WAN interface, I can access the login page without any problem and suddenly, I can access the web GUI through LAN for a while...

Very, very strange, no? Can someone help me understand what happens?

Thanks

5 replies

abarushka
Staff
November 7, 2022

Hello,

As far as I understand, when the issue is triggered, FortiGate receives packets on the LAN port. I would recommend checking whether FortiGate also replies back to the client.

zoriax
Author
New Member
November 7, 2022

Hello,

I think it's not a firewall problem but a process problem. As I said, when I reach the web GUI from the WAN IP (WAN interface) it works, and then immediately LAN access to the web GUI works for a while.

abarushka
Staff
November 7, 2022

Hello,

A traffic sniffer will help to find whether the firewall is replying. A traffic sniffer will also help to identify whether TCP/TLS sessions were established successfully. Moreover, you may consider using Firefox's built-in Network Monitor tool in order to check the communication.

zoriax
Author
New Member
November 8, 2022

As I can see from my browser, I get some HTTP 401 responses when trying to reach the web GUI page.

I have nothing in trusted hosts or other settings... What's that?

christian_89_
New Member
March 24, 2026

 

Yes. It is strange, but the pattern is still pretty clear:

This is not normal browser behaviour.
It is usually one of these three things:

  1. FortiOS / httpsd issue on 7.0.8

  2. reply path / routing issue for management traffic on that LAN-side access

  3. stuck or unhealthy web daemon state

And the first point matters a lot: 7.0.8 is old, and Fortinet’s 7.0.8 release notes already list GUI issues in that train. Even if your exact symptom is not named there, you are on a version where GUI bugs are absolutely plausible.

What your symptom actually means

The certificate warning proves that:

  • TCP/443 is reachable

  • SSL handshake completes

  • the FortiGate is at least partially answering

The endless donut means the GUI page is loaded only partially, but the backend calls do not complete properly. That usually points to httpsd, API/backend GUI calls, or a management-plane reply-path problem, not to basic connectivity. Fortinet’s own troubleshooting for inaccessible GUI points directly at checking management access, local traffic handling, and httpsd debugging.

The detail that matters most

If I go through WAN, I can access the login page, and then LAN GUI works again for a while.

That strongly suggests one of these:

  • the web service gets unstuck when a fresh session hits it

  • the LAN-side management flow has a path/state issue

  • there is a routing asymmetry for replies on the LAN side

Fortinet has documented similar GUI-access failures caused by incorrect routing of HTTPS response packets on certain interface scenarios. Your case is not necessarily the exact same bug, but the mechanism fits: request arrives, response path is wrong or broken, GUI hangs.

What I would do first

1. Upgrade

Bluntly: stop spending too much time on 7.0.8.
Move to the latest supported patch in the 7.0 branch first, or preferably to the target train your environment standardises on, following Fortinet’s upgrade path. Staying on 7.0.8 while chasing a weird GUI issue is wasted effort.

2. Restart the web daemon when the problem is present

From CLI:

    diagnose system top
    diagnose test application httpsd 99

On affected builds, restarting or inspecting httpsd is often enough to confirm that the problem is inside the web service, not the network path. Fortinet documents httpsd and web-ui debugging for exactly this reason.

3. Debug httpsd while reproducing from LAN

Run this from console or SSH:

    diagnose debug reset
    diagnose debug application httpsd -1
    diagnose debug enable

Then try opening the GUI from LAN.

After that:

    diagnose debug disable

If the GUI is hanging in the backend, httpsd debug usually shows it very quickly. Fortinet documents diagnose debug application httpsd as the correct daemon-level debug.

4. Check whether FortiGate is replying back on the LAN path

This is the simplest reality check. Fortinet support staff gave exactly this advice in that forum thread: verify that packets are not only received on LAN, but that the FortiGate is also sending the replies back correctly.

Use:

    diagnose sniffer packet any 'host <your_client_ip> and port 443' 4 0 l

When the issue happens, you want to see:

  • client SYN

  • FortiGate SYN/ACK

  • TLS exchange

  • then actual HTTP/HTTPS payload both ways

If requests come in but responses stop or go out the wrong interface, this is a path/routing problem, not a GUI rendering problem.

5. Check management access settings on the LAN interface

Make sure the interface really has HTTPS enabled:

    show system interface <lan-interface-name>

You should see https under allowaccess.

That sounds obvious, but half of these cases turn out to be interface config drift, wrong management interface, or access arriving on an unexpected logical interface. Fortinet’s GUI troubleshooting article starts with exactly these checks.

6. Rule out routing asymmetry

Check:

    get router info routing-table details <your_client_ip>

and confirm the return path to the admin PC is the expected LAN interface.

If that interface is part of something unusual such as SD-WAN, VRF-like segmentation, asymmetric upstream routing, or policy-based routing, that becomes even more suspicious. Fortinet has already documented GUI access failures caused by wrong routing of HTTPS response packets.

My direct assessment

The most likely answer is:

This is a FortiOS 7.0.8 management-plane / GUI issue or a LAN-side response-path problem, not a certificate issue.

The certificate warning is a red herring.
The endless donut means the GUI session is not completing properly after TLS.

What I would not do

  • I would not waste time on browser cache first

  • I would not assume packet capture showing “traffic to port 443” proves the GUI is fine

  • I would not keep 7.0.8 in production if multiple units show the same behaviour

Best next move

Do these in order:

  1. reproduce from LAN

  2. run httpsd debug

  3. sniff traffic to confirm bidirectional replies

  4. verify return routing

  5. upgrade off 7.0.8

That is the shortest path.
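
Added example, not part of any post in this thread: a small Python check for the sniffer step in the reply above, which reads saved `diagnose sniffer packet any ... 4 0 l` output and reports, per client flow, whether the FortiGate answered and on which interface the reply left. The capture, interface names and addresses below are constructed, and the line layout is assumed to be the `<interface> in|out src.port -> dst.port: flags` form that verbosity 4 prints.

```python
import re
from collections import defaultdict

# Constructed capture in the "<iface> in|out src.port -> dst.port: flags" layout;
# interface names, addresses and sequence numbers are made up for illustration.
SAMPLE = """\
2022-11-08 10:15:01.100000 lan in 192.168.1.50.51000 -> 192.168.1.1.443: syn 1000
2022-11-08 10:15:01.100200 lan out 192.168.1.1.443 -> 192.168.1.50.51000: syn 2000 ack 1001
2022-11-08 10:15:01.101000 lan in 192.168.1.50.51000 -> 192.168.1.1.443: ack 2001
2022-11-08 10:15:01.110000 lan in 192.168.1.50.51000 -> 192.168.1.1.443: psh 1001 ack 2001
2022-11-08 10:15:01.120000 lan out 192.168.1.1.443 -> 192.168.1.50.51000: psh 2001 ack 1518
2022-11-08 10:15:05.000000 lan in 192.168.1.50.51001 -> 192.168.1.1.443: syn 3000
2022-11-08 10:15:05.000300 wan1 out 192.168.1.1.443 -> 192.168.1.50.51001: syn 4000 ack 3001
2022-11-08 10:15:09.000000 lan in 192.168.1.50.51002 -> 192.168.1.1.443: syn 5000
2022-11-08 10:15:10.000000 lan in 192.168.1.50.51002 -> 192.168.1.1.443: syn 5000
"""

LINE = re.compile(r"(\S+) (in|out) (\S+)\.(\d+) -> (\S+)\.(\d+): (.+)$")

def classify(text, client_ip, port=443):
    """Map each client source port (one TCP flow) to a verdict string."""
    flows = defaultdict(lambda: {"in": set(), "out": set(), "synack": False, "data": False})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # banner lines, blank lines, hex dumps
        iface, _, src, sport, dst, dport, flags = m.groups()
        if src == client_ip and int(dport) == port:      # client -> FortiGate
            flows[int(sport)]["in"].add(iface)
        elif dst == client_ip and int(sport) == port:    # FortiGate -> client
            f = flows[int(dport)]
            f["out"].add(iface)
            f["synack"] |= flags.startswith("syn") and " ack " in flags
            f["data"] |= flags.startswith("psh")
    verdicts = {}
    for cport, f in sorted(flows.items()):
        if not f["out"]:
            verdicts[cport] = "no reply seen"
        elif not f["out"] <= f["in"]:
            verdicts[cport] = "reply leaves via " + ",".join(sorted(f["out"] - f["in"]))
        elif not (f["synack"] and f["data"]):
            verdicts[cport] = "handshake incomplete or no payload returned"
        else:
            verdicts[cport] = "bidirectional"
    return verdicts

if __name__ == "__main__":
    for cport, verdict in classify(SAMPLE, "192.168.1.50").items():
        print(cport, verdict)
```

A flow reported as leaving via another interface is the routing-asymmetry case; "no reply seen" on repeated SYNs points at the daemon or local-in handling instead.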