This article describes how to disable SSL VPN Web Mode or Tunnel Mode for specific portals.

Toggle the 'Enable Web Mode' and 'Tunnel Mode' radio buttons.

From CLI, use the command 'config vpn ssl web portal' and edit the specific portal.

In this example SSL VPN Mode portal.

config vpn ssl web portal

    edit "SSLVPN Mode"

        set tunnel-mode disable <----- Unset tunnel-mode.

        set web-mode disable  <----- Unset web-mode.

        end

end

From v7.4.1, the web mode can be disabled globally using the command:

config system global
    set sslvpn-web-mode disable
end

Refer to this document for more details: Technical Tip: How to disable SSL VPN web-mode globally.

From v7.6.0, the SSL VPN function has been removed from models with 2GB of RAM.

SSL VPN removed from 2GB RAM models for tunnel and web mode

Note:

For Web Mode, although the web mode is disabled, users can still log in, but will get a warning like below once logged in.

To completely remove the SSL VPN web portal from being displayed when SSL VPN mode is disabled, follow the steps from the link below. Remove the HTML body section of the SSL VPN login page replacement message: Technical Tip: How to prevent the SSL VPN web login portal from displaying when SSL VPN web mode is ...

If web mode is needed, an alternative method is available: Technical Tip: Alternatives to SSL VPN web mode.

Note:

• In v7.6.3, SSL VPN tunnel mode is no longer supported on any models. Agentless VPN (formerly SSL VPN web mode) is not supported on FortiGate 40F, 60F, and 90G series models. See the FortiOS release notes.
• From v7.6.0, SSL VPN has been removed from 2GB RAM models for tunnel and web mode. See the FortiOS Release Notes.