Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ketanest
New Contributor II

Created on ‎07-15-2025 04:44 AM Edited on ‎07-15-2025 04:46 AM

Has Forti SRA different GUIs?

Hi together,

 

we are actually implementing Forti SRA for remote access for our admins. We installed the SRA VM in our DMZ, only one interface with a RFC1918 IP address. On the Fortigate in the datacenter we have a VIP forwarding an external IP to the SRA.

Connecting to the SRA is possible but it seems that there are two different GUIs in the SRA (look at the screenshots attached). Sometimes one appears, sometimes the other. We didn't find out yet on what it depends. If the "well-known" Fortinet GUI appears, there is a message

Connection to the interface IP address via the GUI is only used for uploading the license. All FortiSRA configuration should be performed by connecting to the proxy address

Also after logging in via this way if one accesses the secrets there is a message

The feature is not available on interface IP.

It does not depend on the browser used (Chrome, Edge, Firefox), the browser plugin is installed in every browser.

When the Forti SRA Login page appears everything is fine.

When connecting to the Proxy address as requested by on of the messages (https://FQDN:8080) there is a "PR_END_OF_FILE_ERROR".

 

Can anyone help with that? If there is more information needed, please advise which config options we should share.

 

2025-07-15 13_20_47-sra.birkenstock.com_login_redir=%2F.png2025-07-15 13_24_23-FortiSRA - BS-153-FortiSRA01 – Mozilla Firefox Privater Modus.png2025-07-15 13_24_36-FortiSRA - BS-153-FortiSRA01 – Mozilla Firefox Privater Modus.png2025-07-15 13_25_26-FortiSRA Login – Mozilla Firefox.png

Labels:
192
0 Kudos
2 REPLIES 2
rbraha
Staff
Staff

Created on ‎07-23-2025 04:47 AM

Hi @Ketanest 

 

On the first screenshot after you are logged in , you should install FortiSRA license , after the license is validated you will be able to access it through vip interface configured on FPAM.

Please check installation and licensing guide.

 

https://docs.fortinet.com/document/fortisra/1.6.0/administration-guide/122682/fortisra-appliance-set...

149
Ketanest
New Contributor II
In response to rbraha

Created on ‎07-24-2025 01:46 AM

Thanks for your reply! We followed the guide when setting it up. Is it necessary to use two different IP addresses? One for the physical interface (management gui) and one different for the vip (web portal)? The admin guide tells to enable synchronizing the virtual IP address to the IP address of the external interface so we thought it is sufficient to only use one address for SRA.

130
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.