Disabling SSL VPN — Web Portal

K1sh
Jul 13, 2023

To check an SSL-VPN web portal page of the FortiGate firewall exposed on the Internet and disable it, you can follow these steps:

Open a web browser and navigate to the URL of the FortiGate firewall VPN login page. The URL will be in the format: https://your.IP/ (replace your.IP with the actual firewall IP address). Ensure that you can access the VPN login page and that it is functioning correctly. This step is important to verify that the page is indeed exposed on the internet.

SSL-VPN web portal

Open a new tab or window in your web browser and go to the Fortinet community website for reference. The following links can be used as a starting point:

Link 1: https://community.fortinet.com/t5/Support-Forum/Disable-SSLVPN-webportal-page/m-p/91469#M91379
Link 2: https://community.fortinet.com/t5/Support-Forum/Disable-SSLVPN-webportal-page/m-p/91466#M91376
Link 3: https://community.fortinet.com/t5/Support-Forum/Disable-SSLVPN-webportal-page/m-p/91471#M91381

Review the information provided in the referenced community posts. These posts should contain steps or guidance on how to disable the SSLVPN web portal page on the FortiGate firewall. Follow the instructions provided in the community posts to edit the SSL-VPN login HTML page. The goal is to make the page blank or non-functional while still allowing the FortiClient to sign in to the SSL VPN. Once you have made the necessary changes, save the HTML page.

Test the FortiGate firewall VPN login page again from an external network to verify that the SSLVPN web portal page is disabled. The page should either be blank or display an error message indicating that it is not accessible.
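The external re-test described above can be scripted. This is an added example, not code from the original post or from Fortinet; the function names `classify_portal` and `check_portal` are hypothetical, and it assumes the login form is present in the served HTML as a password input.

```python
# Added example: illustrative helper names, not Fortinet tooling.
import urllib.error
import urllib.request
from html.parser import HTMLParser


class _LoginFormFinder(HTMLParser):
    """Records whether the page has a password input and any visible text."""

    def __init__(self):
        super().__init__()
        self.has_password_input = False
        self.visible_text = []
        self._skip = 0  # depth inside <script>/<style>, whose text is not visible

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password_input = True

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.visible_text.append(data.strip())


def classify_portal(status, body):
    """Return 'login-exposed', 'blank', 'error' or 'other-content'."""
    if status >= 400:
        return "error"
    finder = _LoginFormFinder()
    finder.feed(body)
    if finder.has_password_input:
        return "login-exposed"
    return "other-content" if finder.visible_text else "blank"


def check_portal(url, timeout=10, context=None):
    """Fetch url (run this from an external network) and classify the response.

    context: optional ssl.SSLContext, e.g. one that trusts the firewall's CA.
    """
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=context) as resp:
            return classify_portal(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as exc:
        return classify_portal(exc.code, "")
```

A result of `blank` or `error` matches the expected outcome of the step above; a page that builds its form in JavaScript would not be detected as `login-exposed`, so confirm in a browser as well.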

It’s important to note that modifying firewall settings should be done with caution, and it’s recommended to have a thorough understanding of the system and consult official documentation or seek professional assistance if needed.

[Figure: Top 10 countries, Top 10 ports, Top 10 products]

Shodan’s search results: 484,460

Am I protected with this stopgap measure in hiding the ssl-vpn authentication page?

Nops :(

While implementing the stopgap measure to hide the SSL VPN authentication page can provide some level of protection, it is important to note that it may not provide complete security. The measure involves editing the SSL-VPN login HTML page to make it blank or non-functional while still allowing FortiClient to sign in to the SSL VPN.

Here are a few points to consider:

1. Limited protection: By hiding the authentication page, you reduce its visibility to potential attackers. However, determined attackers can still perform reconnaissance and attempt to exploit other vulnerabilities or gain unauthorized access through different means.

2. Comprehensive security measures: Hiding the authentication page should be seen as a temporary measure. It is crucial to implement a comprehensive security strategy that includes multiple layers of protection, such as strong authentication mechanisms, intrusion detection systems, firewall rules, and regular security updates.

3. Regular updates: It’s important to keep your FortiGate firewall up to date with the latest security patches and firmware releases provided by the vendor. This ensures that known vulnerabilities are mitigated and reduces the risk of unauthorized access.

4. Monitoring and logging: Implementing a robust monitoring and logging system allows you to track and identify any suspicious activity. Regularly reviewing logs and analyzing network traffic can help detect and respond to potential threats.

5. Professional assistance: Consider engaging with a cybersecurity professional or Fortinet support to review your network architecture, configurations, and security measures. They can provide tailored recommendations and assist in implementing robust security measures specific to your environment.

Remember that security is an ongoing process, and it is essential to stay vigilant, continuously assess your network’s security posture, and adapt your measures accordingly.

“Trust no one or anything — and always verify.”

See PSIRT Advisories:
https://www.fortiguard.com/psirt
