| Description | This article describes how to troubleshoot and resolve the error 'You are not allowed to access this site using <FortiAuthenticator URL>' on FortiAuthenticator, which occurs due to CSRF protection mechanisms. |
| Scope | FortiAuthenticator |
| Solution |
In this example, the URL is 'https://fac.homelab'. The access is denied with the following error indicating a CSRF protection mechanism.
The FortiAuthenticator can be accessed if the IP address is used instead of the URL. This issue happens when the Device FQDN is not configured with the URL that is being used to access the FortiAuthenticator.
Navigate to Dashboard -> Status -> Device FQDN ->Add the URL. This change will restart the web server. After this, the FortiAuthenticator will be accessible through the URL.
Note: The error also occurs when the FortiAuthenticator is port-forwarded to an external IP, and a user tries to access it using a public IP address that is not assigned to any of its network interfaces. |
