Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
condor
New Contributor

Created on ‎07-08-2016 09:43 AM

Cannot get access by https GUI administration (only by http)

 

  Hi, i cant get access by https GUI administration, but i can by http. i try with many browsers. Maybe is and SSL error with the certificate, i dont know.

 

 

I check the access configuration:

#config sys int
    edit "port2"
        set vdom "root"
        set allowaccess ping https ssh http fgfm
        set type physical
        set alias "Inside"
        set snmp-index 2

#config sys admin
    edit "sgermano"
        set remote-auth disable
        set peer-auth disable
        set trusthost1 0.0.0.0 0.0.0.0

Thanks!!

11657
0 Kudos
2 Solutions
emnoc
Esteemed Contributor III

Created on ‎07-08-2016 01:13 PM

Trying searching in config sys global for the following line

 

set admin-https-ssl-versions tlsv1-1 tlsv1-2

 

 

eg

 

FGT100DSOCPUPPY01 (global) # show full sys global | grep ssl-versions     set admin-https-ssl-versions tlsv1-1 tlsv1-2

 

Probably your  browser is older or you have a TLS/SSL negotiation issue due the configured version(s).

 

Ken

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
5094
0 Kudos
kallbrandt
Contributor II
In response to condor

Created on ‎07-11-2016 03:34 PM

This is an error most likely caused by your client.

 

Enable TLS1-1.1-1.2 (and turn off SSL v2/3!) in the advanced settings in Internet Explorer. These settings are used by Chrome also as far as I know.

In Firefox, browse to the page "about:config" and check that "security.tls.version.min" is set to 1.

Restart your browsers and try again.

Richie

NSE7

View solution in original post

Richie NSE7
5095
0 Kudos
5 REPLIES 5
emnoc
Esteemed Contributor III

Created on ‎07-08-2016 01:13 PM

Trying searching in config sys global for the following line

 

set admin-https-ssl-versions tlsv1-1 tlsv1-2

 

 

eg

 

FGT100DSOCPUPPY01 (global) # show full sys global | grep ssl-versions     set admin-https-ssl-versions tlsv1-1 tlsv1-2

 

Probably your  browser is older or you have a TLS/SSL negotiation issue due the configured version(s).

 

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
5095
0 Kudos
condor
New Contributor
In response to emnoc

Created on ‎07-11-2016 08:14 AM

Hi emnoc, exist that line on the global config:

 

# show full | grep "set admin-https-ssl-versions"     set admin-https-ssl-versions tlsv1-1 tlsv1-2

 

I use the same browser on other Fortigate device and work ok.

 

Thanks.

 

5063
0 Kudos
kallbrandt
Contributor II
In response to condor

Created on ‎07-11-2016 03:34 PM

This is an error most likely caused by your client.

 

Enable TLS1-1.1-1.2 (and turn off SSL v2/3!) in the advanced settings in Internet Explorer. These settings are used by Chrome also as far as I know.

In Firefox, browse to the page "about:config" and check that "security.tls.version.min" is set to 1.

Restart your browsers and try again.

Richie

NSE7

Richie NSE7
5096
0 Kudos
condor
New Contributor
In response to kallbrandt

Created on ‎07-12-2016 08:14 AM

Hi kallbrand, security.tls.version.min is set already to 1.

 

if i change the security.tls.version.max would be risky, because i use this browser for all.

 

Thanks.

5063
0 Kudos
condor
New Contributor
In response to condor

Created on ‎07-13-2016 08:32 AM

Hi again, also if i try to get access by ssh, return this message:

ssh user@x.x.x.x
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

5063
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.