Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
martyyy
New Contributor III

Created on ‎08-06-2024 06:13 PM

vulnerabilities - Predictable Resource Location Via Forced Browsing

The security team picked up the below scan on the external firewall which the IP is the SSL vpn used by us.

The ASV scans shows the web directory is accessible via this URL https://x.x.x.x/images/. when I tried to access it from a public network, it redirects me to SSL VPN web portal login page. https://x.x.x.x/remote/login?lang=en

 

Previously article that I looked at

SSL-VPN Connection Attempts - Fortinet Community

 

We want this vulnerabilities to be removed regardless of locations, is there any way we can to disable this file directory/subfolder without impacting the SSL VPN?

 

Appreciate your feedback. TIA :) 

 

Labels:
1295
0 Kudos
1 REPLY 1
amrit
Staff
Staff

Created on ‎08-06-2024 06:52 PM

If you are not using sslvpn web mode, you can disable it using this article https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-SSL-VPN-Web-Mode-or-Tunnel-...

 

2. You can also restrict the access to the sslvpn portal via local in policy . Please check this link

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restricting-Allowing-access-to-the-FortiGa...

 

 

Amritpal Singh
1287
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.