FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
syao
Staff & Editor
Article Id 391126
Description This article describes how to troubleshoot an 'ERR_EMPTY_RESPONSE' message that appears when attempting to reach the FortiGate outside interface for HTTPS management access via TCP port 443.
Scope FortiGate v7.6.1 and above.
Solution

When a FortiGate has a VPN configured with the local gateway set to the outside interface, traffic arriving on TCP port 443 at that interface is handled by the IKE daemon instead of the HTTPS daemon.

 

There are two possible solutions for this:

 

  1. Change the default IKE TCP port.

 

config system settings
    set ike-tcp-port X
end

 

  2. Change the management HTTPS access port.

 

config system global
    set admin-sport X
end

 

Note: 

  • Starting in v7.6.3, if administrators assign port 443 for HTTPS administrative access on an interface that is also bound to an IPsec tunnel, FortiOS will display a warning indicating that HTTPS access on that port will no longer be available.
  • The default IKE-TCP value of port 443 is only applicable to new FortiGate configurations with v7.6.1 and above. If FortiOS is upgraded to v7.6.1 and above, the ike-tcp-port value from before the upgrade is retained.
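
To check a configuration backup for this conflict before it causes a lockout, the added example below (not Fortinet code and not part of the original article) reads a plain-text excerpt and lists interfaces that are bound to an IPsec phase1 tunnel, allow HTTPS administrative access, and share one TCP port between admin-sport and ike-tcp-port. The sample excerpt, the function names and the fallback value of 443 for a setting missing from the backup are assumptions; on an upgraded unit, pass the ike-tcp-port value that was in effect before the upgrade.

```python
import shlex
# Constructed sample backup excerpt (not from a real device).
SAMPLE = """
config system global
    set admin-sport 443
end
config system settings
    set ike-tcp-port 443
end
config system interface
    edit "wan1"
        set allowaccess ping https ssh
    next
    edit "internal"
        set allowaccess ping https
    next
end
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
    next
end
"""

def parse(text):
    """Map (top-level section, edit name or '') -> {key: [values]}."""
    out, stack, entry = {}, [], ""
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif len(stack) == 1:  # settings inside nested config blocks are skipped
            if tok[0] in ("edit", "next"):
                entry = tok[1] if tok[0] == "edit" else ""
            elif tok[0] == "set":
                out.setdefault((stack[0], entry), {})[tok[1]] = tok[2:]
    return out

def port_conflicts(text, admin_default=443, ike_default=443):
    """Tunnel-bound interfaces whose HTTPS admin port equals the IKE TCP port."""
    cfg = parse(text)
    admin = cfg.get(("system global", ""), {}).get("admin-sport", [admin_default])[0]
    ike = cfg.get(("system settings", ""), {}).get("ike-tcp-port", [ike_default])[0]
    bound = {v["interface"][0] for (s, _), v in cfg.items()
             if s == "vpn ipsec phase1-interface" and "interface" in v}
    return sorted(n for (s, n), v in cfg.items()
                  if s == "system interface" and n in bound
                  and int(admin) == int(ike) and "https" in v.get("allowaccess", []))
```

An empty result for a given backup means either of the two changes above has already separated the ports, or no tunnel-bound interface allows HTTPS access.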

 

Related document:
GUI warnings for IKE-TCP port conflicts