Cannot connect Fortigate GUI

net300 · ‎06-19-2021

I am a Fortigate newcomer, and facing a primary problem. I cannot connect the GUI.

I set the port1 from dynamic IP to static 192.168.1.129/24, and make sure I can ping or SSH to CLI successfully.

Also added trusted ip into admin. Port 443 is added into admin.

#config-version=FGVMK6-7.0.0-FW-build0066-210330:opmode=1:vdom=0:user=admin

config system interface edit "port1" set vdom "root" set ip 192.168.1.129 255.255.255.0 set allowaccess ping https ssh fgfm set type physical set snmp-index 1 next end

config system admin edit "admin" set trusthost1 192.168.1.0 255.255.255.0 set accprofile "super_admin" set vdom "root" set password ENC SH2dFe0rddTB25giXY+SiN4D9zfTs6jWb+/0V/ayQ91SlHK1cvWP2qm1kBEV7w= next end

FortiGate-VM64-KVM # show full | grep admin- set admin-concurrent enable set admin-console-timeout 0 set admin-forticloud-sso-login disable set admin-https-pki-required disable set admin-https-ssl-versions tlsv1-2 set admin-lockout-duration 60 set admin-lockout-threshold 3 set admin-login-max 100 set admin-maintainer enable set admin-port 80 set admin-restrict-local disable set admin-scp disable set admin-server-cert "self-sign" set admin-sport 443 set admin-ssh-grace-time 120 set admin-ssh-password enable set admin-ssh-port 22 set admin-ssh-v1 disable set admin-telnet enable set admin-telnet-port 23

Also I tried to restart httsd, but it did not work.

# dia sys process pidof httpsd

# dia sys kill XX

When I https://192.168.1.129, it shows "192.168.1.129 refused to connect."

I opened the debug, it shows below:

[httpsd 1227 - 1624156059 info] fweb_debug_final[260] -- Completed GET request for "/api/v2/monitor/web-ui/node-exports" (HTTP 200) [httpsd 1240 - 1624156059 info] fweb_debug_init[355] -- New GET request for "/api/v2/cmdb/system/admin" from "127.0.0.1:12746" [httpsd 1240 - 1624156059 info] fweb_debug_init[356] -- User-Agent: "Node.js" [httpsd 1240 - 1624156059 info] fweb_debug_init[358] -- Handler "api_cmdb_v2-handler" assigned to request [httpsd 1240 - 1624156059 info] api_access_check_for_faz_fmg_or_csf[183] -- Node.js request authorized. [httpsd 1240 - 1624156059 info] api_cmdb_request_init_by_path[1535] -- new CMDB query (path='system',name='admin') [httpsd 1240 - 1624156059 info] api_generate_and_add_etag[1888] -- Per VDOM ETags: [ { "root": "1e7aab7cde776f0c02e12e7f6ddd20d3" } ] [httpsd 1240 - 1624156059 info] api_generate_and_add_etag[1891] -- New ETag: C3699F7B34B5C65F861C89BF36E823795624CC0D189369C94E0351C25EC99195 [httpsd 1240 - 1624156059 info] api_generate_request_hash[1784] -- hash_str: { "uri": "\/api\/v2\/cmdb\/system\/admin", "params": { "path": "system", "name": "admin", } [httpsd 1240 - 1624156059 info] api_generate_request_hash[1785] -- revisions: [ "1e7aab7cde776f0c02e12e7f6ddd20d3", "1e7aab7cde776f0c02e12e7f6ddd20d3" ] [httpsd 1240 - 1624156059 info] get_cache_lock[64] -- Cache: locking /tmp/api_cache/68E09E383A51031E401949FCA82FE5A3A797263EFD0E491A199BCA2882606A46-8AE4C87FD872425332. [httpsd 1240 - 1624156059 info] get_cache_lock[80] -- Cache: locked /tmp/api_cache/68E09E383A51031E401949FCA82FE5A3A797263EFD0E491A199BCA2882606A46-8AE4C87FD8724253320) [httpsd 1240 - 1624156059 info] api_response_from_cache[1110] -- API response is generated from cache. [httpsd 1240 - 1624156059 info] fweb_debug_final[260] -- Completed GET request for "/api/v2/cmdb/system/admin" (HTTP 200 OK) [httpsd 1240 - 1624156059 info] fweb_debug_init[355] -- New GET request for "/api/v2/cmdb/system/interface" from "127.0.0.1:12747" [httpsd 1240 - 1624156059 info] fweb_debug_init[356] -- User-Agent: "Node.js" [httpsd 1240 - 1624156059 info] fweb_debug_init[358] -- Handler "api_cmdb_v2-handler" assigned to request [httpsd 1240 - 1624156059 info] api_access_check_for_faz_fmg_or_csf[183] -- Node.js request authorized. [httpsd 1240 - 1624156059 info] api_cmdb_request_init_by_path[1535] -- new CMDB query (path='system',name='interface') [httpsd 1240 - 1624156059 info] api_generate_and_add_etag[1888] -- Per VDOM ETags: [ { "root": "caf690db43843abce34a47be13137187" } ] [httpsd 1240 - 1624156059 info] api_generate_and_add_etag[1891] -- New ETag: B8CD90A89A3EA3641095DA6000AE0B0E3E28AD1CAA790C4EE387EAAD180C9A7B [httpsd 1240 - 1624156059 info] api_generate_request_hash[1784] -- hash_str: { "uri": "\/api\/v2\/cmdb\/system\/interface", "params": { "path": "system", "name": "inte} [httpsd 1240 - 1624156059 info] api_generate_request_hash[1785] -- revisions: [ "caf690db43843abce34a47be13137187", "1e7aab7cde776f0c02e12e7f6ddd20d3" ] [httpsd 1240 - 1624156059 info] get_cache_lock[64] -- Cache: locking /tmp/api_cache/63BDC89F936F4334779775C0E4AACA0C1B4F3FC802AE3F63AFE17E8C1F561D96-F68E3748A2DE0BBD30. [httpsd 1240 - 1624156059 info] get_cache_lock[80] -- Cache: locked /tmp/api_cache/63BDC89F936F4334779775C0E4AACA0C1B4F3FC802AE3F63AFE17E8C1F561D96-F68E3748A2DE0BBD306) [httpsd 1240 - 1624156059 info] api_response_from_cache[1110] -- API response is generated from cache. [httpsd 1240 - 1624156059 info] fweb_debug_final[260] -- Completed GET request for "/api/v2/cmdb/system/interface" (HTTP 200 OK) [httpsd 1240 - 1624156059 info] fweb_debug_init[355] -- New GET request for "/api/v2/monitor/web-ui/node-exports/vdom" from "127.0.0.1:12748"

May I know if there is anything I need to check with?

Matthew_Snyders · ‎06-22-2023

Hi did you ever resolve this issue ? I have exactly the same problem !! Fully accessible via SSH but not via HTTPS...

ndumaj · ‎06-28-2023

Hi,
Please check admin server certificate,
Also review the following articles:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Error-ERR-CONNECTION-REFUSED-is-rece...
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Cannot-access-the-FortiGate-web-admi...

hope it helps

- Happy to help, hit like and accept the solution -