Upgrade from 7.0.12 to 7.0.13 query regarding For SSL VPN web mode setups, the following steps are s

ib24 · ‎11-09-2023

Hello,

I just read the technical tips regarding the upgrade from 7.0.12 to 7.0.13.
And I came across a peculiar line in the following section:

Configure set web-mode-snat enable within config vpn ssl settings and configure the first IP address in the IP pool as a secondary IP address on the outgoing FortiGate interface defined in the SSL VPN web mode firewall policy. In this case, the secondary IP address is considered a local address, which allows the FortiGate to be considered a destination that can receive IP pool reply traffic. set web-mode-snat enable was added in FortiOS 7.0.6 and 7.2.0 and then removed in FortiOS 7.2.6, 7.4.0, and future versions after 7.0.12.

So far, we have configured: set web-mode-snat disable
Am I right in understanding, that this option will no longer be available in FortiOS 7.0.13 and thus I have no need for a reconfiguration?

Thank you very much and kind regards.

Raghu_Kumar · ‎11-12-2023

Hello,

Yes, that is true and we will no longer be able to configure ssl vpn web mode as there are potential challenge with SSL VPN Web Mode when it comes to handling modern websites. The newest websites frequently depend on dynamic languages, which can occasionally introduce complications with the redirection process, ultimately leading to incomplete content display.

Considering my experience, I'd recommend exploring alternatives to SSL VPN Web Mode. One potential option is to utilize the ZTNA Access Proxy on FortiGate. The advantage of this approach is that it doesn't require a VPN connection. It is just a proxy connection allowed based on clients ZTNA TAGs.

Thank You,

Raghu Kumar

Raghuram Kumar

Upgrade from 7.0.12 to 7.0.13 query regarding For SSL VPN web mode setups, the following steps are s

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website