Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
condor
New Contributor

Cannot get access by https GUI administration (only by http)

 

  Hi, i cant get access by https GUI administration, but i can by http. i try with many browsers. Maybe is and SSL error with the certificate, i dont know.

 

 

I check the access configuration:

#config sys int
    edit "port2"
        set vdom "root"
        set allowaccess ping https ssh http fgfm
        set type physical
        set alias "Inside"
        set snmp-index 2

#config sys admin
    edit "sgermano"
        set remote-auth disable
        set peer-auth disable
        set trusthost1 0.0.0.0 0.0.0.0

Thanks!!

2 Solutions
emnoc
Esteemed Contributor III

Trying searching in config sys global for the following line

 

set admin-https-ssl-versions tlsv1-1 tlsv1-2

 

 

eg

 

FGT100DSOCPUPPY01 (global) # show full sys global | grep ssl-versions     set admin-https-ssl-versions tlsv1-1 tlsv1-2

 

Probably your  browser is older or you have a TLS/SSL negotiation issue due the configured version(s).

 

Ken

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
kallbrandt

This is an error most likely caused by your client.

 

Enable TLS1-1.1-1.2 (and turn off SSL v2/3!) in the advanced settings in Internet Explorer. These settings are used by Chrome also as far as I know.

In Firefox, browse to the page "about:config" and check that "security.tls.version.min" is set to 1.

Restart your browsers and try again.

Richie

NSE7

View solution in original post

Richie NSE7
5 REPLIES 5
emnoc
Esteemed Contributor III

Trying searching in config sys global for the following line

 

set admin-https-ssl-versions tlsv1-1 tlsv1-2

 

 

eg

 

FGT100DSOCPUPPY01 (global) # show full sys global | grep ssl-versions     set admin-https-ssl-versions tlsv1-1 tlsv1-2

 

Probably your  browser is older or you have a TLS/SSL negotiation issue due the configured version(s).

 

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
condor
New Contributor

Hi emnoc, exist that line on the global config:

 

# show full | grep "set admin-https-ssl-versions"     set admin-https-ssl-versions tlsv1-1 tlsv1-2

 

I use the same browser on other Fortigate device and work ok.

 

Thanks.

 

kallbrandt

This is an error most likely caused by your client.

 

Enable TLS1-1.1-1.2 (and turn off SSL v2/3!) in the advanced settings in Internet Explorer. These settings are used by Chrome also as far as I know.

In Firefox, browse to the page "about:config" and check that "security.tls.version.min" is set to 1.

Restart your browsers and try again.

Richie

NSE7

Richie NSE7
condor

Hi kallbrand, security.tls.version.min is set already to 1.

 

if i change the security.tls.version.max would be risky, because i use this browser for all.

 

Thanks.

condor
New Contributor

Hi again, also if i try to get access by ssh, return this message:

ssh user@x.x.x.x
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors