FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Nivedha
Staff
Article Id 288653

Description

This article describes why the SSL VPN options may not be visible in FortiGate, and explains how to fix it by enabling the SSL VPN feature or through CLI commands.

Scope

FortiGate.

Solution

For firmware lower than v7.4.1:

The SSL VPN feature can be enabled from Feature Visibility. Navigate to System -> Feature Visibility and enable SSL VPN.


For firmware v7.4.1 and above:

Due to a change in default behavior from v7.4.1 onward, the SSL VPN settings and menus remain hidden from the GUI under VPN and are missing under System -> Feature Visibility.

The feature must now be enabled from the CLI. To enable the VPN -> SSL VPN GUI menu:

config system settings
    set gui-sslvpn enable
end

 

This is the default behavior in a brand-new installation of v7.4.1:

Changes in default behavior

(Bug ID: 923718)


The above CLI commands can also be used in firmware versions lower than v7.4.1.

To enable the IPsec VPN feature, navigate to System -> Feature Visibility and enable IPsec VPN.

It is also possible to run the following command via the CLI to enable the IPsec VPN feature:

config system settings
    set gui-vpn enable
end

 

Web mode and realm features are also disabled by default and will not be enabled with the above commands. They can be enabled with the following commands:

config system global
    set sslvpn-web-mode enable
end

config system settings
    set gui-sslvpn-realms enable
end
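
As an added example (not part of the original article and not Fortinet tooling), the following Python script audits a FortiOS configuration backup for the four settings named above, so their state can be confirmed after applying the commands. It assumes a single-VDOM backup in which options left at their default are absent; the sample backup and the function names are constructed for illustration.

```python
# Added example: audit a FortiOS config backup for the GUI/SSL VPN toggles
# discussed in this article. Names below are illustrative, not Fortinet's.

# Settings from the article, keyed by the top-level config section holding them.
WATCHED = {
    "system settings": ["gui-sslvpn", "gui-vpn", "gui-sslvpn-realms"],
    "system global": ["sslvpn-web-mode"],
}

def parse_top_level_sets(text):
    """Map each top-level `config` section to its direct `set key value` pairs."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = sections.setdefault(line[len("config "):], {})
        elif line.startswith("edit "):
            depth += 1                      # table entry: one level deeper
        elif line in ("end", "next"):
            depth = max(depth - 1, 0)       # tolerate a stray terminator
        elif depth == 1 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2]
    return sections

def audit(text):
    """Return {setting: value}, with "unset" when the backup has no such line."""
    sections = parse_top_level_sets(text)
    return {key: sections.get(section, {}).get(key, "unset")
            for section, keys in WATCHED.items() for key in keys}

# Constructed sample backup (assumption: single-VDOM, defaults omitted).
SAMPLE = """\
config system global
    set hostname "fgt-lab"
    set sslvpn-web-mode enable
end
config system settings
    set gui-sslvpn enable
end
config firewall policy
    edit 1
        set name "lab-policy"
    next
end
"""

if __name__ == "__main__":
    for setting, value in audit(SAMPLE).items():
        print(f"{setting:20} {value}")
```

A result of "unset" means the line is absent from the backup, which this example treats as the firmware default. Quoted values that span several lines (for example an embedded certificate) are not handled.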

 

Note:

From v7.0.16 onwards, the SSL VPN feature will not be available on the FortiGate-90G and 91G models.
SSL VPN not supported on FortiGate 90G series models | FortiGate / FortiOS 7.0.16 | Fortinet Documen...

 

v7.2.10 still supports SSL VPN on the FortiGate-90G and 91G models. In v7.4.x, this option can be enabled from the CLI using the below commands.


config system settings
    set gui-sslvpn enable
end

 

Starting from v7.6.x, the SSL VPN web and tunnel mode feature will no longer be available from the GUI or CLI for FortiGates with 2GB of RAM or below. A workaround is to use an IPsec dial-up tunnel for remote access VPN instead:

SSL VPN removed from 2GB RAM models for tunnel and web mode

 

Starting from FortiOS 7.6.3, the SSL VPN tunnel mode feature is no longer available in the GUI and CLI. Settings will not be upgraded from previous FortiOS versions. This applies to all FortiGate models.

To ensure uninterrupted remote access, customers must migrate their SSL VPN tunnel mode configuration to IPsec VPN before upgrading to FortiOS 7.6.3. The migration procedure from SSL VPN to IPsec VPN can be found here:

Migration from SSL VPN tunnel mode to IPsec VPN - FortiGate 7.6.0 new features.

 

Also, starting from FortiOS v7.4.8, on FortiGate G-Series Entry-Level models (including 50G, 70G, 90G, and variants), the GUI and CLI will not support the SSL VPN web and tunnel mode feature.

SSL VPN not supported on FortiGate G-series Entry-Level models.

 

SSL VPN web mode shows an Access Denied error after upgrading to FortiOS 7.4.8 on 2GB models:

FortiOS 7.4.8 Known issues: Bug ID - 1164811

The only workaround is to downgrade to 7.4.7 to use SSL VPN web mode.

 

Note: SSL VPN is not included on FortiGate models 30G and 50G on any version.
