Fortigate 100E - Any way to disable the SSL-VPN web portal but still allow SSL-VPN clients to connect?

GassyPhoenix · March 12, 2025, 1:49pm

OuchItBurnsWhenIP · March 12, 2025, 1:49pm

Yes. Change the VPN portal settings to disable web mode but allow tunnelled mode.

pabechan · March 12, 2025, 1:49pm

The login screen will always be visible - it is shared between tunnel- and web-mode.
The only thing you can do is disable webmode in our VPN portal configs, this will result in the web-mode based login leading to a “use FortiClient” screen.

upstairspizza · March 12, 2025, 1:49pm

Like somebody answered before, the login page will always be visible.

However, you can edit the SSL VPN Login page HTML code from System > Replacement messages and make the login page blank.

Article about it

noitalever · March 12, 2025, 1:49pm

Tunnel mode ssl vpn.

If you don’t want to use full tunnel mode just enable split tunneling, or look up “split tunnel ssl for remote users fortigate” in google and follow those docs.

jomo1322 · March 12, 2025, 1:49pm

Was able to remove this by setting it from allow access to all and restricting it to a select few IP’s. Then pointed them at our internal IP’s. Nothing will happen if anyone signs in, but I was concerned with a browser attack with it being public facing even with all access denied. Made a great target for cred harvesting.

Dry-Dealer9452 · March 12, 2025, 1:49pm

I replaced mine with this just to be cheeky:

DISK EXTENDED COLOR BASIC 1.1
COPYRIGHT (C) 1982 BY TANDY
UNDER LICENSE FROM MICROSOFT

OK
> _

proudcanadianeh · March 12, 2025, 1:49pm

Just found this, love it. Stealing it.

Thanks!

InX007 · March 12, 2025, 1:49pm

to funny, stealing it