This article describes alternatives to Agentless VPN (formerly known as SSL VPN web mode), where dynamic web pages are a compatibility challenge with this feature.
Modern web applications use JavaScript to create dynamic URLs, which makes URL rewriting difficult, resource-intensive, and often unreliable.
Starting in FortiOS 7.6.3, Agentless VPN is no longer supported on several FortiGate desktop models. For details, refer to the FortiOS release notes.
Additionally, from FortiOS 7.6.3 onwards, SSL VPN tunnel mode has been replaced with IPsec VPN as the default remote access method. See this announcement for more details.
All alternatives covered in this article offer support for inspection security features (Antivirus, Web Filtering, DLP, and IPS).
Reminder: Always use secure authentication methods such as SAML, certificates, or strong passwords combined with 2FA/MFA.
FortiGate v7.2, v7.4. v7.6.
A. Application-level remote access.
Related document: FortiGate/FortiOS New Features - ZTNA agentless web-based application access.
Related document: Technical Tip: How to configure SAML authentication for firewall policy with Virtual IP (VIP).
B. Network-level remote access.
Related document: Remote access in the admin guide.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.