| Description |
This article describes when the SSL-VPN setting is set to allow tunnel access only and web access is disabled, but users when accessing the https://<FortiGate-ip>:<ssl-vpn-port-number> in the browser, still receive the SSL-VPN web login portal.
This article describes how to prevent the SSL-VPN web portal from getting displayed to users when SSL-VPN web mode is disabled. |
| Scope |
FortiGate. |
| Solution |
Even after disabling SSL-VPN web mode from the desired SSL-VPN portal, users are still receiving the SSL VPN web portal login page.
- From FortiGate GUI:
Remove the HTML <body> section of the SSL-VPN login page replacement message by following the steps below:
On FortiGate GUI, navigate to System -> Replacement Messages -> SSL-VPN section.
Select to edit 'SSL-VPN Login Portal'.
In the text/html format, select the body part and delete it then save the configuration.
After deleting the body portion from the HTML message, a white blank page is displayed.
Reattempt to access the SSL-VPN web page and users will be directed to a white blank page.
To revert this change if there is a need to enable SSL VPN web mode, follow the steps below:
From GUI -> System -> Replacement Messages -> Select to edit SSL-VPN Login Page -> Select 'Restore Defaults'.
The SSL-VPN web portal will be restored and will display to SSL-VPN users.
- From FortiGate CLI.
To remove the SSL-VPN web page run the below set of commands:
# FGT#config sys replacemsg sslvpn sslvpn-login FGT(sslvpn-login)#set buffer “ “ FGT(sslvpn-login#end
To restore the SSL-VPN web page run the below set of commands:
# FGT#config sys replacemsg sslvpn sslvpn-login FGT(sslvpn-login)#unset buffer FGT(sslvpn-login#end |
