fortinet-davidy
New Contributor

Access fortigate via http and https

Hi, please see the config below, which includes http and https. Why can I only access it via http instead of https? Thanks.

FG01 # sh system interface
config system interface
edit "port1"
set vdom "root"
set ip 192.168.1.221 255.255.255.0
set allowaccess ping https ssh http
set type physical
set snmp-index 1

2 Solutions
gfleming

You can just try using the factory cert. It should work. Please try:

config system global
  set auth-cert Fortinet_GUI_Server
end

More info here: https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/499047/using-the-default-cer...

You can also of course create your own certificate from your own PKI if you have one.

Cheers,
Graham


pminarik

It's an unlicensed trial VM, isn't it?
If yes, that's how it should work. HTTP only.

HTTPS for admin GUI on trial VMs works only since the permanent trial VM change in 7.2.1. (link)

[ corrections always welcome ]


15 REPLIES 15
gfleming
Staff

get system global | grep admin-sport

That will show you what port you need to use to get access to the HTTPS connection.

Cheers,
Graham
fortinet-davidy
New Contributor

Thanks for your reply! Please see the below. Does that mean 443 is open? But I still cannot access it via https.

FG01 # get system global | grep admin-sport
admin-sport : 443

gfleming

What happens when you try to access it?

It is possible you have something conflicting with it such as SSL VPN or a VIP?

Cheers,
Graham
fortinet-davidy

When I access it via https, I get the page below. Why is there no problem with http?

The second screenshot is the NMAP scanning result. Is there some issue? I can see some error in it.

fortinetdavidy_1-1674691385276.png

fortinetdavidy_0-1674691233648.png

gfleming

Likely an issue with the certificate on the FortiGate that is being used for SSL communications. Can you try a different browser like Firefox? Do you get a different message?

Is your date/time set correctly on both the FortiGate and the computer?

Can you show the certificate details? Click on the icon/tab next to the URL and see what it shows:

gfleming_0-1674693516643.png

Cheers,
Graham
fortinet-davidy

Attached two pictures: the first one is from Chrome, where it does not show a Certificate item, and the second is from Firefox.

fortinetdavidy_0-1674697074231.png

fortinetdavidy_1-1674697340536.png

gfleming

Do you have any VIPs doing DNAT on port 443?

Do you have SSL VPN configured for port 443?

Can you show the output of

get system global | grep auth-cert

And what version of FortiOS?

Cheers,
Graham
fortinet-davidy

Hi Graham, thanks for your reply. Please see the below.

It looks like a certificate issue. If so, we need to get the self certificate out from the device and input it into the web browser, right?

FG01 # get system global | grep auth-cert
auth-cert : self-sign

gfleming

You can just try using the factory cert. It should work. Please try:

config system global
  set auth-cert Fortinet_GUI_Server
end

More info here: https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/499047/using-the-default-cer...

You can also of course create your own certificate from your own PKI if you have one.

Cheers,
Graham
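
Added example (not part of any post in this thread, and not Fortinet code): a Python triage of the three CLI captures exchanged above (`show system interface`, and `get system global` filtered for `admin-sport` and `auth-cert`), reporting where the HTTPS GUI should answer and which certificate it is set to present. The sample captures are constructed in the shape of the posted output, and the function names are hypothetical.

```python
import re

# Constructed sample captures, shaped like the CLI output posted in the thread.
SAMPLE_INTERFACES = """config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.1.221 255.255.255.0
        set allowaccess ping https ssh http
        set type physical
    next
end"""
SAMPLE_GLOBAL = "admin-sport : 443\nauth-cert : self-sign"

def parse_interfaces(text):
    """Parse 'show system interface' output into {name: {setting: [values]}}."""
    interfaces, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        edit = re.match(r'edit\s+"?([^"]+)"?$', line)
        if edit:
            current = interfaces.setdefault(edit.group(1), {})
        elif line in ("next", "end"):
            current = None
        elif line.startswith("set ") and current is not None:
            _, key, *values = line.split()
            current[key] = [v.strip('"') for v in values]
    return interfaces

def parse_global(text):
    """Parse 'get system global | grep ...' lines of the form 'key : value'."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {key.strip(): value.strip() for key, value in pairs}

def triage(interfaces_text, global_text):
    """Summarise, per interface, what the captures say about GUI admin access."""
    glob = parse_global(global_text)
    port = glob.get("admin-sport", "unknown")
    cert = glob.get("auth-cert", "unknown")
    findings = []
    for name, cfg in parse_interfaces(interfaces_text).items():
        access = cfg.get("allowaccess", [])
        ip = cfg.get("ip", ["unknown"])[0]
        if "https" in access:
            findings.append(f"{name}: https allowed; GUI expected at "
                            f"https://{ip}:{port}/ with certificate '{cert}'")
        else:
            findings.append(f"{name}: https missing from allowaccess")
        if "http" in access:
            findings.append(f"{name}: unencrypted http admin access is also allowed")
    return findings
```

Calling `triage(SAMPLE_INTERFACES, SAMPLE_GLOBAL)` returns one line per finding; paste real captures in place of the constructed samples to check a device's settings before looking at the browser side.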