FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hhasny
Staff
Staff
Article Id 217990
Description

This article describes how to disable SSL VPN Web Mode or Tunnel Mode for specific portals.

Scope FortiGate.
Solution

Toggle the 'Enable Web Mode' and 'Tunnel Mode' radio buttons.

 

hhasny_0-1658302999608.png

 

 

From CLI, use the command 'config vpn ssl web portal' and edit the specific portal.

 

In this example SSL VPN Mode portal.

 

config vpn ssl web portal

    edit "SSLVPN Mode"

        set tunnel-mode disable <----- Unset tunnel-mode.

        set web-mode disable  <----- Unset web-mode.

        end

end

 

From v7.4.1, the web mode can be disabled globally using the command:

config system global
    set sslvpn-web-mode disable
end

Refer to this document for more detail: Technical Tip: How to disable SSL VPN web-mode globally 

Note:

For Web Mode, although the web mode is disabled, users still can log in but will get a warning like below once log in.

 

hhasny_1-1658303017157.png

 

 

To completely remove the SSL VPN web portal from being displayed when SSL VPN mode is disabled, follow the steps from the below link. Remove the HTML body section of the SSL VPN login page replacement message: How to prevent the SSL-VPN web login portal from displaying when SSL-VPN web mode is disabled