FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
Debbie_FTNT
Staff & Editor
Article Id 192689

Description

 

This article describes how to disable HTTP access to FortiAuthenticator completely, expanding on the "Interfaces" section of the FortiAuthenticator 6.2.1 administration guide.

 

Scope

 

FortiAuthenticator.

Solution


To ensure FortiAuthenticator is completely inaccessible via HTTP (TCP port 80), both HTTP admin access (GUI) and service access (CRL and SCEP) need to be disabled.

 
Note:
If FortiAuthenticator is used for certificate services over HTTP (other units access it at http://<FortiAuthenticator>/cert/crl), then disabling this access can cause a disruption.

FortiAuthenticator can also serve CRL, SCEP and GUI on port 443 instead.


Even if HTTP (TCP/80) is enabled, the FortiAuthenticator GUI cannot be accessed via HTTP because it is not supported.
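
One way to confirm the end state after the change, run from a network where clients sit (an added example, not Fortinet code): it checks that TCP/80 no longer accepts connections, reports whether the CRL path from the note above still answers over HTTP, and confirms TCP/443 is still reachable. The function names and the command-line host argument are assumptions of this example.

```python
import http.client
import socket
import sys

CRL_PATH = "/cert/crl"  # path quoted in the article's note

def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' (refused) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable host, name resolution failure
        return "filtered"

def http_crl_status(host, port=80, timeout=3.0):
    """Return the HTTP status for GET /cert/crl, or None if there is no HTTP answer."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CRL_PATH)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def audit(host, http_port=80, https_port=443, timeout=3.0):
    """Return findings for the target state: nothing on HTTP, services on HTTPS."""
    findings = []
    http_state = probe_tcp(host, http_port, timeout)
    if http_state == "open":
        status = http_crl_status(host, http_port, timeout)
        findings.append(f"FAIL: TCP/{http_port} accepts connections "
                        f"(GET {CRL_PATH} -> {status})")
    else:
        findings.append(f"OK: TCP/{http_port} is {http_state}")
    https_state = probe_tcp(host, https_port, timeout)
    if https_state == "open":
        findings.append(f"OK: TCP/{https_port} is open (HTTPS path for GUI, CRL, SCEP)")
    else:
        findings.append(f"FAIL: TCP/{https_port} is {https_state}; "
                        "clients have no remaining path to the unit")
    return findings

if __name__ == "__main__":
    if len(sys.argv) == 2:
        print("\n".join(audit(sys.argv[1])))  # argument: FortiAuthenticator address
    else:
        print("usage: check_fac_http.py <FortiAuthenticator address>")
```

A "filtered" result on TCP/80 means an upstream firewall may be dropping the traffic, so repeat the check from the same segment as the units that fetch the CRL.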