
Upgrade from 7.0.12 to 7.0.13 query regarding For SSL VPN web mode setups, the following steps are s



I just read the technical tips regarding the upgrade from 7.0.12 to 7.0.13.
And I came across a peculiar line in the following section:

  • Configure set web-mode-snat enable within config vpn ssl settings and configure the first IP address in the IP pool as a secondary IP address on the outgoing FortiGate interface defined in the SSL VPN web mode firewall policy. In this case, the secondary IP address is considered a local address, which allows the FortiGate to be considered a destination that can receive IP pool reply traffic. set web-mode-snat enable was added in FortiOS 7.0.6 and 7.2.0 and then removed in FortiOS 7.2.6, 7.4.0, and future versions after 7.0.12.


So far, we have configured: set web-mode-snat disable
Am I right in understanding that this option will no longer be available in FortiOS 7.0.13 and thus I have no need for a reconfiguration?


Thank you very much and kind regards.






Yes, that is true, and we will no longer be able to configure SSL VPN web mode, as there are potential challenges with SSL VPN Web Mode when it comes to handling modern websites. The newest websites frequently depend on dynamic languages, which can occasionally introduce complications with the redirection process, ultimately leading to incomplete content display.

Considering my experience, I'd recommend exploring alternatives to SSL VPN Web Mode. One potential option is to utilize the ZTNA Access Proxy on FortiGate. The advantage of this approach is that it doesn't require a VPN connection. It is just a proxy connection allowed based on clients' ZTNA tags.


Thank You,

Raghu Kumar

Raghuram Kumar