Description |
This article describes when the SSL-VPN setting is set to allow tunnel access only and web access is disabled, but users when accessing the https://<FortiGate-ip>:<ssl-vpn-port-number> in the browser, still receive the SSL-VPN web login portal.
This article describes how to prevent the SSL-VPN web portal from getting displayed to users when SSL-VPN web mode is disabled. |
Scope |
FortiGate. |
Solution |
Even after disabling SSL-VPN web mode from the desired SSL-VPN portal, users are still receiving the SSL VPN web portal login page.
- From FortiGate GUI:
Remove the HTML <body> section of the SSL-VPN login page replacement message by following the steps below:
On FortiGate GUI, navigate to System -> Replacement Messages -> SSL-VPN section.
Select to edit 'SSL-VPN Login Portal'.
In the text/html format, select the body part and delete it then save the configuration.
After deleting the body portion from the HTML message, a white blank page is displayed.
Reattempt to access the SSL-VPN web page and users will be directed to a white blank page.
To revert this change if there is a need to enable SSL VPN web mode, follow the steps below:
From GUI -> System -> Replacement Messages -> Select to edit SSL-VPN Login Page -> Select 'Restore Defaults'.
The SSL-VPN web portal will be restored and will display to SSL-VPN users.
- From FortiGate CLI.
To remove the SSL-VPN web page run the below set of commands:
# FGT#config sys replacemsg sslvpn sslvpn-login FGT(sslvpn-login)#set buffer “ “ FGT(sslvpn-login#end
To restore the SSL-VPN web page run the below set of commands:
# FGT#config sys replacemsg sslvpn sslvpn-login FGT(sslvpn-login)#unset buffer FGT(sslvpn-login#end |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.