Web Admin GUI in VPN access

Forum|Forum|7 years ago
June 22, 2018
1 reply
6401 views

Hi,

I have installed a Fortigate FP60E. I program a VPN IPSEC Tunnel. I can access to Web Admin Gui by public IP but I would like to access to it only by the VPN and not the public access.

Is it possible ? What's the solution ?

Regards.

C. PORTAL

Toshi_Esumi

SuperUser

It's a dialup vpn, right? I assume you can access (ping) the LAN side of the 60E with the VPN. HTTPS GUI admin is enabled on the internal hard-switch interface by default unless you change it. Try the IP to get in remotely with the VPN, then only after you got in with the internal IP, disable (uncheck) HTTPS and HTTP on the internet interface (wan1 or wan2 unless you had to configure VLAN to terminate the INET circuit).

emnoc

New Member

If the vpn is done route-based and you have a defined interface, try 1st to see if you can apply a ip.addr with a /32 mask and then if allow access on that interface is available. Then set allowaccess https ssh or whatever you want.

e.g

config sys interface

edit <vpninterfacename>

set vdom root

set ip 1.1.1.1/32

set allowaccess https

end

This is how we do it with sslvpn and with ssl.root ( ssl.root is the interface type in SSSLVPN )

http://socpuppet.blogspot.com/2015/03/sslvpn-sslroot-management-access.html

Ipsec would be the same concept btw.

keep in mind that over the years of FortiOS versions FTNT has not been consistent in allowing the above so YMMV, but give it a try.

Ken

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded