Disable SSL VPN Portal
If you are in an environment where you want to make sure that the SSL VPN portal page does NOT show that is fine. You can use the following command to disable the SSL VPN Portal page of a FortiGate
Config VPN SSL Settings
Set sslvpn-enable disable
End
This is commonly used when you are wanting to accept only IPSec tunnels etc to your device. I usually just leave mine up and customize the page to look cool and creative but that is me!
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos
It appears this command does not work on a FortGate 60D
set sslvpn-enable disable
command parse error before ‘sslvpn-enable’
Command fail. Return code -61
What version of FortiOS are you running?
Hi Mike-
I know this is an old post, but how do you disable in 5.6.3. PCI Compliance scanning is picking up on the SSL and failing the scan because of the self signed certificate.
heya,
you can use CLI command to unset the listening interface
Unfortunately doesn’t seem to work anymore:
Please set source-interface in vpn.ssl.settings as some of the authentication rules do not have source-interface.
object check operator error, -2007, discard the setting
Command fail. Return code -2007
Hey,
Here is an issue I am having.
I have two sites each with FGT300e. Let’s called them Site A and B.
Site A: has a faster WAN service (fiber – local IP: 10.66.2.1)
Site B: slow internet service (copper- public: 22.3.4.1)
Site A and B are interconnected with a local fiber loop through a switch.
– I have Site A and B configured with routes/policy for local subnets. That is working fine.
– Now, I want site B internet service to go through Site.
Configured Static route/policy pointing to that but still no luck. Traffic either goes through the slow WAN link with public IP or drops.
Any idea what I might be doing wrong? How do I get this done? Making sure site B gets internet service via site A.
To Mike, As you mentioned you customize web portal instead of shutting it out, how you do it?
Otherwise is it possible to redirect that to something else?
Thanks
Hey Guru, we are running FG 100E with 6.0.9 version but command you are suggesting: set sslvpn-enable disable
gives reply:
command parse error before ‘sslvpn-enable’
Command fail. Return code -61
Do you know any effective way to disable ssl-vpn leaving only ipsec ones?
Nowadays it’s much more important when there is known Apache Guacamole bug known…
You can configure the SSLVPN to not listen on the external interfaces. That is one method.
Hi,
Hopefully getting an answer. Is it possible to implement lifetime rules for SSL accounts? For example deactivate a customer account after 3 months if there was no connection and delete it after 6 months?
Thank you in advance