Absolutely a bug. I'm new to Fortigate, and am setting up a 100F. 3 times now I get this error when clicking the CLI button, to fix it every time, without making any further changes, is to close my incognito no-extensions-installed browser window and start again. Sorry but that is a bug. Browsers follow the instructions given to them and the Fortigate GUI puts itself into this mess. Frustrated, as I have wasted time on this and the only response from Fortigate is to claim its not a bug.

Claiming this isn't a bug is both wrong and not useful.

There are 2 bugs for this

- 412184 was fixed in FortiOS 5.6

- 1155662 in FortiOS 7.2 (and multi-vdoms) has been fixed in FortiOS 7.4.8 with no fix in 7.2, since it passed the End of Engineering Support date.

So make sure your FortiGate is running the recommended version (or newer)
Technical Tip: Recommended Release for FortiOS

I'm running 7.4.9 build 2829 (Mature). Updating needed to be the first thing as it wouldn't register with cloud to get its licenses with the shipped firmware. CLI thing happened again just now.

Yesterday when I had this issue, I was connected via the MGMT port and setting up all the other interfaces and VLANs. Couldn't GUI CLI after that so I closed and re-opened the browser.

Today I did a test fail-over to the HA unit by unplugging the power on the current primary. Test went smoothly, plugged back in, did the same thing with the other unit, also fine. Plugged all back in. Then I couldn't CLI, so I closed and re-opened the browser again to fix.

So then I thought I'd be helpful and raise a case to see if this could get looked at, and I can't reproduce it. No idea :(

But what you describe is completly normal. The RSA keys are not the same for the units, so restarting the browser (clearing the cache/cookies) to access the other unit after failover is quite normal and expected (or CTRL+F5 will achieve the same outcome). 

Sure, that makes technical sense. Doesn't make it less annoying. Closing and re-opening my browser repeatedly isn't fun so I have stopped using the CLI button and SSH in instead.

Something for the suggestion pile for Fortigate to improve upon.

Have a great weekend.

I manage >500 fortigates and run into this all the time. Sometimes I get the error when opening the CLI, sometimes I don't. This happens across versions and browsers. I am currently logged into a 101F running 7.4.9 and it opens the cli fine, another admin logged in and got the error every time he tried. It's more common in 7.4.9 than it was in <7.4.9 but it's happened to me in 7.0 as well. If it's a misconfiguration then it's because the fix isn't documented. It seems far more bug-like to me. I rarely use the web cli because I prefer my ssh client but, when I do use that, it's 50/50 that it will work. I -think- it happens more on HA pairs than standalone but I haven't documented the occurrences well enough to be sure about that. 

I guess you have already verified that the number of concurrent admin users is not limited in config:
Technical Tip: How to set a maximum number of logged-in administrators
or that you are not already logged in multiple windows:
Technical Tip: Restricting multiple admin sessions from the same admin user.

Yep. I'm usually the only one logged in when it happens. Admin count/concurrency aren't limited. It happens often enough that I hardly pay attention to it anymore; its more annoying than a real problem. I just chimed in here because you seem pretty convinced it's a config error and I can say with 100% certainty that it is an undocumented feature and the longer you guys tell everyone it's a config problem, the longer it will take to get it fixed (yes, I accept my own culpability for not opening a ticket. I just don't want to waste that much time/effort trying to get a first-level tech to care enough to listen to me). The problem occurs [seemingly] randomly whether or not there's been a config change. Most of my configs are pushed from FMG so things like the global/admin settings are centrally controlled and don't vary from device to device. If it were a config problem then I would see it on every firewall using those same settings and it wouldn't be sporadic on the same device (sometimes work, sometimes not). It should relate to the browser cache but I've tried clearing the cache with no change. Rebooting the firewall has fixed it but I usually don't reboot for something like that because it's not worth it. Next time it happens I will try killing the admin daemon to see if that helps anything. I haven't paid a lot of attention to whether it happens more in a specific browser but I know I've had it happen in all of them:  Brave, Chrome, Firefox, Edge, and Safari.