FortiGate
spoojary
Staff
Article Id 339282
Description This article describes how to remove the error message 'Port conflicts with SSL-VPN HTTP redirection', which appears under the HTTP port in the administration settings.
Scope FortiGate v7.4.
Solution
  • In the SSL VPN settings, the 'Redirect HTTP to SSL-VPN' option redirects HTTP (port 80) requests for the SSL VPN web mode page to the SSL VPN port (port 10443).
  • The 'Redirect HTTP to SSL-VPN' option in the FortiGate SSL VPN settings is intended to improve security by guaranteeing that users who attempt to visit the VPN login page via HTTP are automatically redirected to the secure HTTPS version of the page. This makes it less likely that an unencrypted connection is used; an unencrypted connection increases the danger of interception and other security issues.
  • Generally, it is advisable to enable this option.
  • It helps maintain a secure connection without requiring users to enter 'https://' in their browser manually. This may decrease confusion and oversights.
  • If this option is enabled, a warning message is displayed in the admin settings.
  • Under System -> Settings -> Administration Settings, a warning message states that the HTTP port conflicts with SSL-VPN HTTP redirection.
  • This is because 'Redirect HTTP to SSL-VPN' is enabled in the SSL VPN settings.
  • Disable the option from the GUI or the CLI, and the warning message is no longer shown in the admin settings:

Ornstein-kvm40 (settings) # show
config vpn ssl settings
   set banned-cipher SHA1 SHA256 SHA384
   set https-redirect disable

end
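
To check saved configurations for the condition behind this warning, the following added example (not Fortinet code and not part of the original article) parses a configuration backup and reports whether HTTP redirection is enabled while the administrative HTTP port is also 80. Assumptions: the administrative HTTP port is `admin-port` under `config system global`, settings that are not listed are at their defaults (`admin-port` 80, `https-redirect` disable), and the sample configuration is constructed.

```python
# Constructed sample of a configuration backup (not taken from the article).
SAMPLE_CONFIG = """\
config system global
    set admin-port 80
    set admin-sport 8443
end
config vpn ssl settings
    set banned-cipher SHA1 SHA256 SHA384
    set https-redirect enable
    set port 10443
end
"""

REDIRECT_PORT = 80            # the article: redirection handles HTTP (port 80) requests
DEFAULT_ADMIN_HTTP_PORT = 80  # assumption: value in effect when admin-port is not listed


def parse_sections(text):
    """Return {section name: {setting: value}} for top-level 'config' blocks."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = sections.setdefault(line[len("config "):], {})
        elif line == "end":
            depth = max(depth - 1, 0)   # tolerate fragments pasted from 'show'
            if depth == 0:
                current = None
        elif line.startswith("set ") and depth == 1 and current is not None:
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2]
    return sections


def redirect_conflict(text):
    """True when HTTP redirection is enabled and the admin HTTP port is also 80."""
    sections = parse_sections(text)
    redirect = sections.get("vpn ssl settings", {}).get("https-redirect", "disable")
    admin_port = int(sections.get("system global", {}).get("admin-port", DEFAULT_ADMIN_HTTP_PORT))
    return redirect == "enable" and admin_port == REDIRECT_PORT


if __name__ == "__main__":
    print("conflict" if redirect_conflict(SAMPLE_CONFIG) else "no conflict")
```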