Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
JNDias
Staff
Staff

Created on ‎02-23-2023 04:38 AM Edited on ‎01-14-2025 07:09 AM By Moderator

Article Id 246957

Technical Tip: HTTP 401 error in SSL VPN Web mode

Description

This article describes what to do when having HTTP error '401 Authorization Required' through SSL VPN web mode. 
Scope SSL VPN Web mode, FortiGate.
Solution

For this case, when getting HTTP error '401 Authorization Required' through SSL VPN web mode, the bookmark will be used as an example.

 

JNDias_0-1677154657008.png

 

It should be noted that this error is not from the FortiGate. It comes from whatever Web Server the user is trying to access. It is always best to check on the Web Server or application to see why it is giving this response back.
If the Web Server is blocking the connection due to the IP not being allowed, and if the Web Server is not expecting the IP of the SSL VPN user, it is possible to prevent this information from being presented in the HTTP request.

This is the command to send the HTTP header 'as-is' from the client:

 

config vpn ssl setting

    set header-x-forwarded-for pass

end

 

It is also possible to configure it as 'remove'. Try both to see which one the Web Server prefers:

Options:

  • pass: Forward the same HTTP header.
  • add: Add the HTTP header.
  • remove: Remove the HTTP header.
1484
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.