Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

SSL VPN - Web mode disabled, but Forticlient connects in web mode

Hi Team, 

We would like to use SSL VPN in tunnel mode only. We have disabled the web mode on portal, but some users using Forticlient are connected in ssl-web mode. After numerous session resets clients finally connect in tunnel mode. Any ideas and help finding the reason is appreciated.



Thank you for your question. Can you share some screenshots how Forticlient is connected in Webmode? Or how are you checking this exactly?


After login there's an error on the Forticlient:Forticlient.png

Here is what we see on the Fortigate:


And the event log:


Valued Contributor

Have you created the Authentication rule, so users in question will be mapped unequivocally to the specific portal where the Web mode is disabled ? By your description sounds like they fall through and finally reach default rule which has Web mode enabled.  It is also possible when you have the same users located in multiple AD groups with each group having different portals.


Yuri  blog: All things Fortinet, no ads.
Yuri blog: All things Fortinet, no ads.
New Contributor III

Yes, you need to correctly map the user groups to the correct portal. And also, the Forticlient only uses tunnel-mode, so this is weird.


A problem here is that, even though web-mode is disabled, if you try to access the vpn portal address through browser, tha page is still presented, although no one will be able to authenticate.

New Contributor

The users are authenticated and mapped to one portal. We use Azure as Identity Provider  if that matters. This particular problem happens only to limited number of users, who have the very  same group assignments as the rest, who never experience it and are able to connect normally.

New Contributor

Did you ever find the root cause for this?  I'm seeing the same thing in my environment and am mystified as to why this is happening.

New Contributor

I am also seeing this. Using FortiClient to Fortigate 7.0.6Build0366. Just one user is failing to connect and FG logs show it's trying to connect via web mode.

New Contributor

Hi, does anyone found solution of this problem? In some cases users login correctly when change network to LTE...

Top Kudoed Authors