New Contributor II

FortiGate 60F: Unable to log in via web portal anymore, only CLI working

Hi there,

We are using a Fortinet 60F. It was working fine and I could log in via HTTPS, but it has suddenly stopped working and I cannot access it. I have tried rebooting, but no luck. The only way I can access it is Telnet, and I am not good with the CLI. I have checked some basic commands: I have already tried killing the HTTPS daemon and checked the ports (HTTP, HTTPS) for connectivity, but I am still not getting any luck. I have also checked the storage, which is all good. I am not sure what the issue is. Could this be a trusted IP issue? I don't know, as I was using the same IP address to access the console before. Any help will be much appreciated :) Thanks in advance.

1 Solution
New Contributor II

Today I got my firewall support renewed, and the issue was the "trusted host": only one public IP was allowed to access it, and the last support company did this intentionally. See the results below. I have public their public address as well.

Thanks everyone for your help @saneeshpv_FTNT @AnthonyH @smaruvala @Rajan_kohli 
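An added example, not part of the original thread: a small offline check of which source addresses the admin trusted-host settings admit, which is the cause identified in the solution above. The sample `show system admin` output, the admin name "msp-support", the documentation-range IP addresses and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `show system admin` output (not taken from the thread).
SAMPLE_CONFIG = '''
config system admin
    edit "admin"
        set trusthost1 203.0.113.10 255.255.255.255
        set accprofile "super_admin"
    next
    edit "msp-support"
        set trusthost1 203.0.113.10 255.255.255.255
        set trusthost2 198.51.100.0 255.255.255.0
        set accprofile "prof_admin"
    next
end
'''

EDIT_RE = re.compile(r'^\s*edit\s+"?([^"\n]+?)"?\s*$')
TRUST_RE = re.compile(r'^\s*set\s+trusthost\d+\s+(\S+)\s+(\S+)\s*$')


def parse_trusted_hosts(config_text):
    """Return {admin_name: [IPv4Network, ...]}; an empty list means unrestricted."""
    admins, current = {}, None
    for line in config_text.splitlines():
        m = EDIT_RE.match(line)
        if m:
            current = m.group(1)
            admins[current] = []
            continue
        m = TRUST_RE.match(line)
        if m and current is not None:
            # FortiOS writes trusted hosts as "<address> <netmask>".
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            admins[current].append(net)
    return admins


def check_source(config_text, source_ip):
    """Report which admins may log in from source_ip and whether the
    management ports would answer that address at all."""
    src = ipaddress.ip_address(source_ip)
    admins = parse_trusted_hosts(config_text)
    allowed = sorted(name for name, nets in admins.items()
                     if not nets or any(src in n for n in nets))
    # If every admin is restricted and none matches, the FortiGate does not
    # reply to the source: only repeated SYNs show up in the sniffer.
    return {"allowed_admins": allowed, "answered": bool(allowed)}
```

Calling `check_source(SAMPLE_CONFIG, "192.0.2.50")` reports no permitted admin and no answer, which matches the symptom in this thread: SYN packets arriving on the admin port with no reply.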








As a first step, you can verify from the CLI, by running the commands below, whether the traffic is reaching your FortiGate appliance when you access the GUI.


# diagnose sniffer packet any 'host <PCIP>" 4


Also please check if the HTTPS service is enabled on the respective interface under

"config system interface" -> "edit <interface>" -> "show"


Best Regards,



New Contributor II

Hi there, I have tried the first command you sent me, and once I put it on the screen there is only > that I can see. I have tried logging in again with HTTPS, but there is no update; the screen is still the same.

Sorry, I have no experience working in the CLI, so I may be doing something wrong.

Screenshot 2024-02-23 143430.jpg


Hi @AdilHamid,


You need to replace <PCIP> with your computer IP address. For example: "diagnose sniffer packet any 'host' 4'.



New Contributor II

More information is on the screen below. The firewall is working, but only the web interface stops working.



Screenshot 2024-02-23 145123.png


Hi @AdilHamid 


Run this command on your Windows machine: ipconfig

Copy your computer's IP address and then use it in the sniffer: diagnose sniffer packet any 'host x.x.x.x' 4 0 l

Replace x.x.x.x with your computer's IP address.




Rajan Kohli



There is a typo in the command.


Please find the right command:

# diagnose sniffer packet any "host <PCIP>" 4


Note: Replace <PCIP> with your client machine IP from where you access FGT GUI.


I would request you to also check the admin access port for GUI access; maybe it's not the default 443.


show full | grep admin-port          
set admin-port 80 
show full | grep admin-sport
set admin-sport 443

Please also upgrade the firmware version to 7.2 or above, as your current version is end of Eng Support. You can open a support case for upgrade recommendations.


Please also review some of the articles describing initial troubleshooting for GUI access issues.


Best Regards,




Hi there ,

Sorry for the late reply. Yes, I have tested all the commands; please see below the results I tried ...


HGB-60F # diagnose sniffer packet any "port 10443"
filters=[port 10443]
7.213406 -> syn 900425116
10.220148 -> syn 900425116
16.220719 -> syn 900425116
70.429139 -> syn 1460492924
70.430836 -> syn 3826224584
70.679872 -> syn 802313451
73.429239 -> syn 1460492924
73.431129 -> syn 3826224584


But still unable to connect 


the Port and Sport info below

HGB-60F # show full-configuration | grep admin-port
set admin-port 8089

HGB-60F # show full-configuration | grep admin-sport
set admin-sport 10443


HGB-60F # show system interface Matza\ LAN
config system interface
edit "Matza LAN"
set vdom "root"
set ip
set allowaccess ping https ssh
set type hard-switch
set stp enable
set device-identification enable
set lldp-transmission enable
set role lan
set snmp-index 11



As you can see, allowaccess includes SSH as well, and it is not just the web portal I am not getting: I cannot connect to SSH either. Not sure what's happening here.


@saneeshpv_FTNT, I am not sure how I would update the firmware through the CLI. Any help, please?




Your firewall is listening on port 10443 and your interface configuration looks fine. Could you please also check that a Local-In policy for port 10443 is there on the firewall and that the Fortinet certificate is selected under config system global?


To check whether a Local-In policy for port 10443 is present:

show firewall local-in-policy | grep 10443


Also make sure the Fortinet-Factory certificate is selected under "config system global".


config system global
show | grep "admin"



Once these things are verified, you can run a debug using the commands below and share the output here.

diag debug reset
diag debug flow filter saddr
diag debug flow filter daddr
diag debug flow filter dport 10443
diag debug console timestamp enable
diag debug flow show iprope enable
diag debug flow show function-name enable
diag debug flow trace start 100
diag debug enable


Now try to connect to the GUI from the PC, and after that you can disable the debug using the commands below.


diag debug disable
diag debug reset



You just mentioned that you cannot connect via SSH here. So how do you collect the logs? Via console?


If any of the above doesn't work, you can upgrade the firmware from the CLI using the TFTP method. The links below will help you with the steps.

Technical Tip: FortiGate TFTP Upgrade - Fortinet Community 

Technical Tip: How to upgrade the FortiGate firmwa... - Fortinet Community


If things don't go well even after the upgrade, I would recommend you open a ticket with our Support team for assistance.


Best Regards

New Contributor II

Hi there,

Please check below. I am not seeing any certificate information; let me know if there is a command to add this. See below.

HGB-60F # show firewall local-in-policy | grep 10443

HGB-60F # show system global
config system global
set admin-https-redirect disable
set admin-port 8089
set admin-sport 10443
set alias "FortiGate-60F"
set gui-certificates enable
set gui-fortisandbox-cloud enable
set gui-ipv6 enable
set gui-theme neutrino
set gui-wireless-opensecurity enable
set hostname "HGB-60F"
set switch-controller enable
set timezone 25

HGB-60F # show | grep "admin"
set admin-https-redirect disable
set admin-port 8089
set admin-sport 10443
edit "prof_admin"
config system admin
edit "admin"
set accprofile "super_admin"
config system sso-admin
config system replacemsg admin "pre_admin-disclaimer-text"
config system replacemsg admin "post_admin-disclaimer-text"
config system replacemsg nac-quar "nac-quar-admin"
<p>Your network access has been restricted due to the detection of potentially malicious traffic. Please contact your network administrator for further information.</p>
set admin enable
set admin enable
set admin-login-logs enable




