| Description | This article describes how to resolve a scenario where the SSL VPN listening port and admin HTTPS GUI port are the same (default = port 443). By default, the SSL VPN web-mode login page will be shown when accessing FortiGate from the web browser. |
| Scope | FortiGate. |
| Solution |
The default setting for port-precedence under SSL VPN settings is 'enabled'. When it is enabled, SSL VPN connections are allowed on the interface and FortiGate GUI connections are disabled on the same interface.
The following settings can be configured to reach the FortiGate GUI login page instead of the SSL VPN web-mode login page:
```
config vpn ssl settings
    set status disable
end
```
Option 2: Configure the SSL VPN listening port and the admin HTTPS GUI port with different port numbers. One of the two can keep the default port 443. However, it is recommended to use custom ports for both to achieve optimal security.
```
config vpn ssl settings
    set port 8443
end
config system global
    set admin-sport 10443
end
```
Additional note: A port-conflict notification appears if the SSL VPN listening port and the admin GUI HTTPS port use the same port number.
Option 3: Disable port-precedence under SSL VPN settings. This can only be configured via the CLI.
```
config vpn ssl settings
    set port-precedence disable
end
```
Output/Result (Option 2 was followed):
Additional note: Disabling Web-mode is not sufficient and the SSL VPN login page will still be shown if the default settings are still configured. |
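The three options above can be checked against a configuration backup before anyone is locked out of the GUI. The Python below is an added example, not Fortinet code: it reads the `config vpn ssl settings` and `config system global` blocks and reports which login page answers on the admin HTTPS port. The function names and sample backups are constructed for illustration, and treating a missing `status` line as enabled is an assumption of the example.

```python
import re

# Defaults taken from this page; treating a missing "status" as enabled is
# an assumption of this example, chosen so the check errs toward flagging.
DEFAULTS = {"status": "enable", "port": "443", "port-precedence": "enable"}
DEFAULT_ADMIN_SPORT = "443"

def parse_blocks(text):
    """Return {block name: {key: value}} for top-level 'config ... end' blocks."""
    blocks, name, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                name = line[len("config "):]
                blocks.setdefault(name, {})
        elif line == "end" and depth:
            depth -= 1
        elif depth == 1 and (m := re.match(r'set (\S+) "?([^"]*)"?$', line)):
            blocks[name][m.group(1)] = m.group(2)  # nested tables are skipped
    return blocks

def login_page_on_admin_port(text):
    """Return (page, reason): which login page answers on the admin HTTPS port."""
    blocks = parse_blocks(text)
    ssl = {**DEFAULTS, **blocks.get("vpn ssl settings", {})}
    sport = blocks.get("system global", {}).get("admin-sport", DEFAULT_ADMIN_SPORT)
    if ssl["status"] == "disable":
        return "gui", "SSL VPN is disabled (set status disable)"
    if ssl["port"] != sport:
        return "gui", f"ports differ: SSL VPN {ssl['port']}, admin HTTPS {sport}"
    if ssl["port-precedence"] == "disable":
        return "gui", f"shared port {sport}, port-precedence disabled"
    return "sslvpn", f"shared port {sport}, port-precedence enabled"

# Constructed sample backups, not taken from a real device.
SAMPLE_SHARED = """config system global
    set hostname "FGT-LAB"
end
config vpn ssl settings
    set servercert "Fortinet_Factory"
end
"""
SAMPLE_SPLIT = ("config system global\n    set admin-sport 10443\nend\n"
                "config vpn ssl settings\n    set port 8443\nend\n")
if __name__ == "__main__":
    for cfg in (SAMPLE_SHARED, SAMPLE_SPLIT):
        print(login_page_on_admin_port(cfg))
```

A result of `sslvpn` means the backup still has the shared-port, port-precedence-enabled combination this article describes.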