Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ian_Harrison
New Contributor

Created on ‎11-18-2014 06:01 AM

Can't access web interface

Hi

I have two FortiGate (3240C) firewalls (v5.0.6 - 0271) both managed by a FortiManager (200D). I can access the web site on one of the Fortigates and can manage both of them from the FortiManager.  However on one of the Fortigates I can't access the web site at all to check it.  I have checked that the ports are correct 80 and 443 via the Fortimanager. 

 

When I try to connect to the firewall website I just get a message that the page can't be found.

 

What can I check or change to get the website back up and running on the Fortiagte?

 

Any ideas

 

Thanks

Ian

 

Web: www.activatelearning.ac.uk

Twitter: twitter.com/activate_learn

Facebook: facebook.com/Activate-Learning

 

Web: www.activatelearning.ac.uk Twitter: twitter.com/activate_learn Facebook: facebook.com/Activate-Learning
Labels:
65734
0 Kudos
2 REPLIES 2
Dave_Hall
Honored Contributor

Created on ‎11-18-2014 07:00 AM

Hi Ian.

 

Welcome to the forums.

 

If you can not access the fgt from SSH try to remote connect using the CLI tunnel connection from the FortiManger. 

 

Once connected to the affected Fortiate, perform a get system global on the CLI. Look for the lines admin-https-redirect and admin-port, and admin-sport - confirm those settings are correct. 

 

Next perform show firewall vip | grep extport and see if any port 80 or 443 shows up. If there is then it means there is a port-forward setup on the fgt using the same "admin ports" connections.  You will need to change the admin ports to something else (e.g. 8080, 8443).

 

The only times I couldn't connect to a fgt at all (GUI or CLI) was when the fgt was behind double-NAT or the fgt was running in conserve mode. 

 

As an alternately suggestion to connecting to the fgt, you can always check the config from the revision history.

 

 

 

Edit: You will want to upgrade the firmware on those fgt due to the heartbleed exploit. 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
47 KB
2786
0 Kudos
narendra_prasad
New Contributor

Created on ‎09-09-2015 12:49 AM

I am facing the same issue. I am unable to access Fortigate 600c Web interface suddenly but the at the same time firewall is accessible via telnet.

 

 

when i check "NETSTAT" command output on my system towards Firewall IP (10.50.56.65), it show "SYN_SENT".

 

 

Please suggest any solution and trouble shooting steps.

 

 

Narendra Prasad
Narendra Prasad
Preview file
20 KB
2786
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.