After pentests we have issue about showing SSLVPN webpage. I need use SSLVPN only in tunnel mode (this is not problem), but without showing any page in browser. I looked on cli and gui and can`t still found any solution, how disable web page, but still have actvite tunnel mode.
I am positive that there is no such option to disable the access to the Web GUI(ssl-vpn) alone.
However, you can remove all the widgets removed from the portal, again, I don't think this will solve your problem.
You can try the below:
config vpn ssl settings
set url-obscuration enable
This field is available when sslvpn-enable(under same vpn ssl settings) is set to enable. Enable to encrypt the host name of the url in the display (web address) of the browser for web mode only. This is a requirement for ICSA ssl vpn certification. Also, if enabled, bookmark details are not visible (field is blank.).
I found that even disabling web-mode on all portals still presented a login page on the outside interface.
I left all portals with everything disabled that I could and then in order for this to go away - I had to delete the SSL security policy in policy & objects > IPv4 policy that permitted it and it no longer works.
This is as close as I could find to disabling SSL.
On the SSL-VPN Settings page, you can remove the WAN interfaces from the "Listen On Interface(s)" config. The firewall requires at least one interface in this field but you can add DMZ or some other unused interface to prevent it from responding on the internet.
Update: This disables the SSL VPN completely which is what I do when using the IPSec based Forticlient VPN config instead.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.