block vip admin page

rezafathi · ‎02-22-2025

hi

I have a server configured as a vip in my fortigate to be accesses from internet. I want to block it's admin page. (my.domain.com/admin) . I tried the policy with deep packet and ssl inspection along with creating a webfilter and blocked *\admin* but still admin page reachable from internet. how can i block admin page?

Reza F.

dingjerry_FTNT · ‎02-22-2025

Hi @rezafathi ,

Which one did you use, Simple, WildCard or Regex?

Anyway, why did you put a backslash in the entry?

*\admin*

Regards,

Jerry

rezafathi · ‎02-22-2025

hi

I tried with simple and wildcard and also removed / but still admin page is accessible from internet.

Reza F.

dingjerry_FTNT · ‎02-22-2025

Hi @rezafathi ,

Please provide:

1) The firewall policy with VIP applied;

2) The VIP configuration;

3) The SSL Inspection profile configuration;

4) The URL Filter list configuration.

Regards,

Jerry

rezafathi · ‎02-22-2025

here is the screenshots you requested :

Reza F.

dingjerry_FTNT · ‎02-23-2025

Hi @rezafathi ,

Just like what I expected, you used Certificate Inspection for the SSL Inspection profile.

In this way, FGT will detect the hostname only, not the full URL.

You must use Deep Inspection to detect the full path with the "admin" word.

Regards,

Jerry

rezafathi · ‎02-24-2025

i used deep packet inspection but when i want to open the page from internet it shows certificate error and also admin page still opens.

Reza F.

rezafathi · ‎03-11-2025

any help?

Reza F.

block vip admin page

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website