mkirollos
Staff
Description

This article describes the case where SSL-VPN is set to allow tunnel access only and web access is disabled, but users who browse to https://<FortiGate-ip>:<ssl-vpn-port-number> still receive the SSL-VPN web login portal.

It also describes how to prevent the SSL-VPN web portal from being displayed to users when SSL-VPN web mode is disabled.

Scope

FortiGate.

Solution

Even after SSL-VPN web mode is disabled on the desired SSL-VPN portal, users still receive the SSL-VPN web portal login page.

- From FortiGate GUI:

Remove the HTML <body> section of the SSL-VPN login page replacement message by following the steps below:

On the FortiGate GUI, navigate to System -> Replacement Messages -> SSL-VPN section.

Select to edit 'SSL-VPN Login Portal'.

In the text/html format, select the body part, delete it, then save the configuration.

After the body portion is deleted from the HTML message, a white blank page is displayed.

Reattempt to access the SSL-VPN web page; users will be directed to a white blank page.

To revert this change if there is a need to enable SSL-VPN web mode, follow the steps below:

From GUI -> System -> Replacement Messages -> Select to edit SSL-VPN Login Page -> Select 'Restore Defaults'.

The SSL-VPN web portal will be restored and will be displayed to SSL-VPN users.

- From FortiGate CLI:

To remove the SSL-VPN web page, run the following commands:

FGT# config system replacemsg sslvpn sslvpn-login
FGT(sslvpn-login)# set buffer " "
FGT(sslvpn-login)# end

To restore the SSL-VPN web page, run the following commands:

FGT# config system replacemsg sslvpn sslvpn-login
FGT(sslvpn-login)# unset buffer
FGT(sslvpn-login)# end
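
To confirm the change took effect after either method, the response served at https://<FortiGate-ip>:<ssl-vpn-port-number> can be checked for leftover form controls or visible text. The Python check below is an added example, not part of the original article or any Fortinet tooling; the function and class names are hypothetical, and the sample HTML strings are constructed for illustration rather than copied from FortiGate's real login page.

```python
import sys
import urllib.request
from html.parser import HTMLParser

FORM_TAGS = {"form", "input", "button", "select", "textarea"}
NON_VISIBLE = {"script", "style", "title"}  # their text is never shown in the page

# Constructed samples (illustrative only, not FortiGate's real markup).
LOGIN_SAMPLE = (
    "<html><head><title>Login</title></head><body><form method='post'>"
    "<input name='username'><input type='password' name='password'>"
    "<button>Login</button></form></body></html>"
)
HEAD_ONLY_SAMPLE = "<html><head><title>Login</title><style>p{margin:0}</style></head></html>"
BLANK_BUFFER_SAMPLE = " "  # stands in for a buffer set to a single space

class PortalScan(HTMLParser):
    """Collects form controls and visible text from an HTML response."""

    def __init__(self):
        super().__init__()
        self.controls, self.text, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in FORM_TAGS:
            self.controls.append(tag)
        if tag in NON_VISIBLE:
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in NON_VISIBLE and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())

def portal_exposed(html):
    """True if the response still shows form controls or visible text."""
    scan = PortalScan()
    scan.feed(html)
    scan.close()
    return bool(scan.controls or scan.text)

if __name__ == "__main__":  # usage: script.py https://<FortiGate-ip>:<ssl-vpn-port-number>
    with urllib.request.urlopen(sys.argv[1], timeout=10) as resp:
        body = resp.read().decode("utf-8", "replace")
    print("login portal still rendered" if portal_exposed(body) else "blank page served")
```

Run it from a client that trusts the FortiGate certificate, once before and once after the change, to compare the two results.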
