FortiGate
Vedaant
Staff
Article Id 294301
Description In some cases, the FortiGate responds to ping, but SSH and web (GUI) access to the firewall fail. This article describes how to troubleshoot this issue.
Scope FortiGate.
Solution

The user cannot reach the firewall over either the web GUI or SSH. The FortiGate web GUI does not load:

[Screenshot: no web gui access.PNG]

Check the public as well as the private IP address of the system and run a debug flow on the FortiGate. This example troubleshoots web access and examines the debug flow output.

[Screenshot: policy drop new.PNG]

The debug output shows the user client (10.9.16.3) trying to access the web GUI.

'msg="iprope_in_check() check failed on policy 0, drop"' is visible, and the request for web access is denied.

This is because host 10.9.16.3 is not added as a trusted host on FortiGate. Administrative traffic policies are created based on the interface 'allowaccess' setting:

 

[Screenshot: local-in admin-policies-trusted-hosts1.png]
[Screenshot: local-in admin-policies-trusted-hosts2.png]
[Screenshot: local-in admin-policies-trusted-hosts3.png]

To fix this issue, 10.9.16.3/32 will be configured as a trusted host.

To configure a trusted host for the admin account:

  • Go to Administrator -> Administrator and select an administrator (for example, Admin).
  • Similar to FortiGates, under the trusted hosts field, define the subnet and the subnet mask from which the admin will log in.
  • Repeat this process for all the available admin accounts.

[Screenshot: added trusted host GUI.PNG]

Adding a trusted host using CLI:

[Screenshot: added trusted host CLI.PNG]

After adding the trusted host, try to access the FortiGate web GUI again. This time, the web GUI loads successfully.

[Screenshot: able to access web page.PNG]

When multiple admin users exist in the FortiGate, administrative local traffic policies will be created based on the trusted hosts lists from every admin user:


[Screenshot: local-in admin-policies-trusted-hosts4.png]

[Screenshot: local-in admin-policies-trusted-hosts5.png]

On the other hand, if any of the admin users have no 'trusted hosts' configured, no restrictions will be applied to administrative traffic.
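
The two rules above (the admin accounts' trusted host lists are combined, and a single account without trusted hosts removes the restriction) can be checked offline against a configuration backup. The following Python script is an added example, not part of the original article or any Fortinet tooling. The sample configuration is constructed, the function names are hypothetical, and it assumes IPv4 `trusthostN` entries only and does not model the interface 'allowaccess' setting.

```python
import ipaddress
import re

# Constructed sample in FortiOS backup syntax (not taken from the article).
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set trusthost1 10.9.16.3 255.255.255.255
    next
    edit "backup-admin"
        set accprofile "super_admin"
        set trusthost1 192.168.10.0 255.255.255.0
    next
end
"""

def parse_admin_trusted_hosts(config_text):
    """Return {admin: [IPv4Network, ...]} from the 'config system admin' block."""
    admins, current, in_block, depth = {}, None, False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config system admin"
        elif line.startswith("config "):
            depth += 1                      # nested table inside an admin entry
        elif line == "end":
            if depth == 0:
                break                       # end of 'config system admin'
            depth -= 1
        elif depth == 0 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            admins[current] = []
        elif depth == 0 and current is not None:
            m = re.match(r"set trusthost\d+ (\S+) (\S+)$", line)
            if m:
                net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
                if net.prefixlen > 0:       # 0.0.0.0 0.0.0.0 restricts nothing
                    admins[current].append(net)
    return admins

def unrestricted_admins(admins):
    """Admins with no effective trusted host; one such account lifts the filter."""
    return sorted(name for name, nets in admins.items() if not nets)

def source_permitted(admins, source_ip):
    """Model the article's rule: union of all admins' lists, or open if any is empty."""
    if unrestricted_admins(admins):
        return True
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for nets in admins.values() for net in nets)
```

Any name returned by `unrestricted_admins()` is an account that needs a trusted host before the restriction takes effect for the others.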