Created on 08-08-2025 08:06 AM
Step 1: Make sure to have LAN Access via VPN.
Reach the FortiGate's internal interface (commonly 192.168.x.x or 10.x.x.x) via the SSL VPN.
That means:
SSL-VPN IP pool must be on a different subnet than the LAN.
A route must exist on the FortiGate to direct VPN clients to the LAN.
A firewall policy must allow traffic from the SSL VPN interface to the LAN interface (or wherever the GUI IP resides).
Step 2: Enable HTTPS (and/or SSH) on the LAN Interface
Edit the interface where the FortiGate GUI is reachable (usually LAN)
Optionally enable SSH
config system interface edit "port1" set allowaccess ping https ssh nextend
Step 3: Create or verify Firewall Policy.
The firewall policy:
From: ssl.root ---> interface SSL-VPN uses
To: LAN (or interface with GUI IP)
Services: HTTPS, or all if unsure
Action: Accept
NAT: disabled for internal management access
Step 4: Connect and Test.
Open FortiClient and connect to the VPN.
Open a browser and go to the LAN IP of the FortiGate (e.g., https://192.168.1.99).
If GUI is using a custom port (e.g., 4443), connect using: https://192.168.1.99:4443
Check the FortiGate login page.
You are leaving our site and we cannot be held responsible for the content of external websites
