FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 215905

This article describes when the SSL-VPN setting is set to allow tunnel access only and web access is disabled, but users when accessing the https://<FortiGate-ip>:<ssl-vpn-port-number> in the browser, still receive the SSL-VPN web login portal.


This article describes how to prevent the SSL-VPN web portal from getting displayed to users when SSL-VPN web mode is disabled.




Even after disabling SSL-VPN web mode from the desired SSL-VPN portal, users are still receiving the SSL VPN web portal login page.


- From FortiGate GUI:


Remove the HTML <body> section of the SSL-VPN login page replacement message by following the steps below:


On FortiGate GUI, navigate to System  -> Replacement Messages -> SSL-VPN section.




Select to edit 'SSL-VPN Login Portal'.


In the text/html format, select the body part and delete it then save the configuration.




After deleting the body portion from the HTML message, a white blank page is displayed.




Reattempt to access the SSL-VPN web page and users will be directed to a white blank page.


To revert this change if there is a need to enable SSL VPN web mode, follow the steps below:


From GUI -> System -> Replacement Messages -> Select to edit SSL-VPN Login Page -> Select 'Restore Defaults'.


The SSL-VPN web portal will be restored and will display to SSL-VPN users.


- From FortiGate CLI.


To remove the SSL-VPN web page run the below set of commands:


# FGT#config sys replacemsg sslvpn sslvpn-login

FGT(sslvpn-login)#set buffer “ “  



To restore the SSL-VPN web page run the below set of commands:


# FGT#config sys replacemsg sslvpn sslvpn-login

FGT(sslvpn-login)#unset buffer