|
Description |
This article describes why the SSL VPN options may not be visible in FortiGate, and explains how to fix it by enabling the SSL VPN feature or through CLI commands. |
|
Scope |
FortiGate. |
|
Solution |
For Firmware lower than v7.4.1: The SSL VPN feature can be enabled from Feature Visibility, navigate to System -> Feature Visibility and enable SSL VPN as shown below:
Due to the change in default behavior from v7.4.1 onward, the SSL VPN settings and the menus remain hidden from the GUI under VPN Settings and missing under feature visibility. Under System -> Feature Visibility: 
The feature now must be enabled from the CLI, to enable the VPN -> SSL VPN GUI menu:
config system settings
This is the default behavior in the brand-new installation of v7.4.1: (Bug ID: 923718)
It is also possible to run the following command via the CLI to enable the IPSec VPN feature:
config system settings set gui-vpn enable end
Web mode and realm features are also disabled by default and will not be enabled with the above commands. It is possible to enable it with the following commands:
config system global set sslvpn-web-mode enable end
config system settings set gui-sslvpn-realms enable end
Note: Starting from v.7.6.x, the SSL VPN web and tunnel mode feature will no longer be available from the GUI or CLI for FortiGates with 2GB of RAM or below. A workaround is to use an IPsec dial-up tunnel for remote access VPN instead: SSL VPN removed from 2GB RAM models for tunnel and web mode
v7.2.10 still supports SSL VPN on the FortiGate-90G and 91G models. In v7.4.x, this option can be enabled from the CLI using the below commands.
set gui-sslvpn enable end SSL VPN is not supported on either the FortiGate-30G model or the FortiGate-50G model.
Related Article: |
