raffaeledp
Contributor

Why can an external device access the login page of my Fortigate?

Hello everybody, I'm working on a Fortigate 60F (v7.2.10) and I manage my Fortigate at the address:

 

https://vpn.xxx.com:40443

or

https://79.x.x.x:40443  (for externals)

https://10.1.0.1:40443  (for internals)

 

Because 79.x.x.x is the wan1 interface, I defined two local-in policies:

Screenshot 2025-02-17 alle 14.42.53.png

 

login_group is an address group:

 

Screenshot 2025-02-17 alle 14.44.59.png

 

Screenshot 2025-02-17 alle 14.46.04.png

Screenshot 2025-02-17 alle 14.46.24.png

HTTPS-40443 is:

 

Screenshot 2025-02-17 alle 14.52.35.png

 

Policy n.1 works fine: if I try to access (10.1.0.1:40443 or vpn.xxx.com:40443), I correctly see the login page.

From the same network (10.1.10.0/24), another device can't (correctly).

If I use an external device (for example my phone), connected to a different external network, it can access vpn.xxx.com:40443 and also 79.x.x.x:40443. The policy n.2 doesn't generate any log. What am I missing?

RDP
1 Solution
raffaeledp
Contributor

Hello,

I found the solution. The problem was the address 79.x.x.x. You have to include inside the policy the private address of the interface (192.168.1.4, and not the public 79.x.x.x).

RDP
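
The behaviour behind the accepted solution, as an added example that is not part of the original posts: a simplified first-match model of local-in policy evaluation, showing why a policy written against the public address never matches and never logs. It assumes an upstream device translates the public address to 192.168.1.4 before the packet reaches wan1 and that unmatched traffic falls through to the interface's management access; 203.0.113.10 stands in for the redacted 79.x.x.x, and the admin and phone addresses and the two-policy layout are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values; only 192.168.1.4 and port 40443 come from the thread.
PUBLIC_IP = "203.0.113.10"    # stand-in for the redacted 79.x.x.x
WAN1_IP = "192.168.1.4"       # private address actually configured on wan1
ADMIN_SRC = ["10.1.10.5/32"]  # hypothetical member of login_group
PHONE = "198.51.100.77"       # hypothetical external client
MGMT_PORT = 40443

@dataclass
class LocalInPolicy:
    pid: int
    src: list
    dst: list
    port: int
    action: str

def _matches(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def evaluate(policies, src, dst, port):
    """Simplified first-match evaluation; returns (action, matching policy id)."""
    for p in policies:
        if p.port == port and _matches(src, p.src) and _matches(dst, p.dst):
            return p.action, p.pid
    # Assumption: with no matching local-in policy, the interface's allowed
    # management access decides, so the login page is served and nothing is logged.
    return "accept", None

def build_policies(dst_ip):
    """Policy 1 allows login_group, policy 2 denies everyone else (assumed layout)."""
    return [
        LocalInPolicy(1, ADMIN_SRC, [dst_ip], MGMT_PORT, "accept"),
        LocalInPolicy(2, ["0.0.0.0/0"], [dst_ip], MGMT_PORT, "deny"),
    ]

def phone_result(policy_dst):
    # The packet reaching wan1 already carries the translated destination.
    return evaluate(build_policies(policy_dst), PHONE, WAN1_IP, MGMT_PORT)

if __name__ == "__main__":
    print("dst = public IP:", phone_result(PUBLIC_IP))
    print("dst = wan1 IP  :", phone_result(WAN1_IP))
```

A practical check that follows from this: confirm which address is actually configured on the interface the management traffic arrives on, and test the deny policy from an outside network after every change.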