Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Disable SSLVPN webportal page
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Disable SSLVPN webportal page
Hello
After pentests we have issue about showing SSLVPN webpage. I need use SSLVPN only in tunnel mode (this is not problem), but without showing any page in browser. I looked on cli and gui and can`t still found any solution, how disable web page, but still have actvite tunnel mode.
Do you have any idea?
Thank you
NSE8 #3111
Solved! Go to Solution.
NSE8 #3111
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
3 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey guys,
I searched info about disabling SSL-VPN and found this.
What I have done is unsetting the options configured through CLI, for example:
config vpn ssl settings unset port unset source-interface "wan1"
Regards!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is no option to disable Web GUI access for SSL VPN
But you can edit the replacement Message for SSL-VPN login page.
SYSTEM> Replacement Message > SSL-VPN login page.
You can Deleted the Body of HTML. then when you try to access your web portal(SSL-VPN) the login page will not show.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a fix guys!!!!
Do the following and your SSL-VPN login HTML page will be blank and the FortiClient will still be able to sign in to the SSL VPN! even with FortiToken.
====
At the top of the HTML add the lines:
<style>
.prompt {
display: none;
}
</style>
=====
At the top of the HTML remove the single line:
<link href="/css/main-blue.css" rel="stylesheet" type="text/css">
=======
Example snippet from the top of the HTML including both fixes above.
<!DOCTYPE html>
<html lang="en" class="main-app">
<head>
<style>
.prompt {
display: none;
}
</style>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="apple-itunes-app" content="app-id=1475674905">
<link href="/css/main-blue.css" rel="stylesheet" type="text/css">
<title>
Please Login
</title>
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I am positive that there is no such option to disable the access to the Web GUI(ssl-vpn) alone.
However, you can remove all the widgets removed from the portal, again, I don't think this will solve your problem.
You can try the below:
config vpn ssl settings
set url-obscuration enable
end
This field is available when sslvpn-enable(under same vpn ssl settings) is set to enable. Enable to encrypt the host name of the url in the display (web address) of the browser for web mode only. This is a requirement for ICSA ssl vpn certification. Also, if enabled, bookmark details are not visible (field is blank.).
Cheers!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can disable "Web Mode" in SSL-VPN Portals.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found that even disabling web-mode on all portals still presented a login page on the outside interface.
I left all portals with everything disabled that I could and then in order for this to go away - I had to delete the SSL security policy in policy & objects > IPv4 policy that permitted it and it no longer works.
This is as close as I could find to disabling SSL.
I'm running 6.0.4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey guys,
I searched info about disabling SSL-VPN and found this.
What I have done is unsetting the options configured through CLI, for example:
config vpn ssl settings unset port unset source-interface "wan1"
Regards!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ron_Uss,
Have you found a solution to this? I would also like to disable the login page and just use tunnel mode.
matt
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On the SSL-VPN Settings page, you can remove the WAN interfaces from the "Listen On Interface(s)" config. The firewall requires at least one interface in this field but you can add DMZ or some other unused interface to prevent it from responding on the internet.
Update: This disables the SSL VPN completely which is what I do when using the IPSec based Forticlient VPN config instead.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is no option to disable Web GUI access for SSL VPN
But you can edit the replacement Message for SSL-VPN login page.
SYSTEM> Replacement Message > SSL-VPN login page.
You can Deleted the Body of HTML. then when you try to access your web portal(SSL-VPN) the login page will not show.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Leo,
If you delete the body of the HMTL that will break the ability to sign on to tunnel mode SSL VPN via FortiClient.
I am also trying to find a work around for hiding the HTML page but keep the SSL VPN tunnel mode working for my FortiClient users.
I will let you all know if I find something.
Nick
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a fix guys!!!!
Do the following and your SSL-VPN login HTML page will be blank and the FortiClient will still be able to sign in to the SSL VPN! even with FortiToken.
====
At the top of the HTML add the lines:
<style>
.prompt {
display: none;
}
</style>
=====
At the top of the HTML remove the single line:
<link href="/css/main-blue.css" rel="stylesheet" type="text/css">
=======
Example snippet from the top of the HTML including both fixes above.
<!DOCTYPE html>
<html lang="en" class="main-app">
<head>
<style>
.prompt {
display: none;
}
</style>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="apple-itunes-app" content="app-id=1475674905">
<link href="/css/main-blue.css" rel="stylesheet" type="text/css">
<title>
Please Login
</title>
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- FortiClient - disconnect/reconnect issue 402 Views
- Configuring SSL VPN, with SAML Authentication... 498 Views
- remote internet access with ssl vpn... 423 Views
- /proxy/ issue over sslvpn webportal for... 566 Views
- Curious about Web Portal for SSLVPN 695 Views
Labels
-
FortiGate
8,525 -
FortiClient
1,724 -
5.2
801 -
FortiManager
717 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
463 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
310 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
225 -
FortiWeb
201 -
5.0
196 -
IPsec
191 -
FortiNAC
181 -
FortiGuard
136 -
6.4
128 -
SD-WAN
112 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
85 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
74 -
4.0MR3
64 -
FortiProxy
59 -
High Availability
54 -
Fortivoice
53 -
FortiADC
53 -
FortiEDR
51 -
vlan
48 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
41 -
DNS
41 -
BGP
40 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
34 -
Authentication
33 -
NAT
32 -
SSO
31 -
Interface
31 -
RADIUS
30 -
FortiConnect
28 -
FortiLink
27 -
FortiWAN
26 -
VDOM
26 -
Web profile
26 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
FortiPAM
22 -
Virtual IP
22 -
SSL SSH inspection
21 -
Fortigate Cloud
20 -
FortiPortal
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
Intrusion prevention
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1666 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.