How to restore FortiGate Web Admin GUI Access

Have you lost access to your FortiGate GUI and are you looking for a way to restore it? Here are the possible causes for the GUI becoming inaccessible. Before continuing, I assume that you have access to the FortiGate via either console or SSH to perform these steps.

1. Enable GUI access, either HTTP or HTTPS

In this article, I talk about GUI access on the LAN interface, but you can choose whichever interface you want to enable the GUI on.

FG100D # show system interface ?
FG100D # show system interface lan
config system interface
edit "lan"
set vdom "root"
set ip 172.20.10.100 255.255.255.255
set allowaccess ping https
set type physical
set alias "LAN_NETWORK"
set role lan
set snmp-index 1
next
end

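If https is not enabled, execute the following commands to enable it. Note that set allowaccess replaces the whole list, so include the protocols that are already allowed (ping in this example), and finish with end to save the change.

FG100D # config system interface
FG100D (interface) # edit lan
FG100D (lan) # set allowaccess ping https
FG100D (lan) # end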

2. Verify that your IP address has access to the GUI

FG100D # show sys admin
config system admin
edit "itadmin"
set trusthost1 172.20.10.161 255.255.255.255
set accprofile "super_admin"
set vdom "root"
set password ENC AK1TEX/Ry0cUk=
next
end

If you do not find your IP address in the trusted host list, add it, then try accessing the GUI using the "itadmin" credentials.

FG100D # config system admin
FG100D (admin) # edit itadmin
FG100D (itadmin) # set trusthost2 172.20.10.162 255.255.255.255
FG100D (itadmin) # end

3. Verify GUI port

FG100D # show sys global
config system global
set admintimeout 300
set alias "FG100D"
set disk-usage log
set fgd-alert-subscription advisory latest-threat
set hostname "FG100D"
set switch-controller enable
set timezone 47
end

In the output above, the HTTP and HTTPS ports are not shown if they are set to the usual port numbers, 80 and 443. If they have been changed, they appear as shown below, and you then access the GUI at an address like https://x.x.x.x:444

FG100D # show sys global
config system global
set admin-port 88
set admin-sport 444
set admintimeout 300
set alias "FG100D"
set disk-usage log
set fgd-alert-subscription advisory latest-threat
set hostname "FG100D"
set switch-controller enable
set timezone 47
end
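
The three checks above can be run in one pass over saved output of the show commands. The following Python script is an added example, not part of the original article; the names parse and diagnose and the sample configuration are constructed for illustration, and it assumes that an admin with no trusthost lines in the show output is not restricted by source IP.

```python
import ipaddress

# Constructed sample: trimmed output of the three "show" commands used above.
SAMPLE = """\
config system interface
edit "lan"
set allowaccess ping
next
end
config system admin
edit "itadmin"
set trusthost1 172.20.10.161 255.255.255.255
next
end
config system global
set admin-sport 444
end
"""

def parse(text):
    """Return {section: {entry: {key: [values]}}}; unnamed settings use entry ''."""
    cfg, section, entry = {}, None, ""
    for raw in text.splitlines():
        # Normalise curly quotes that appear when output is pasted from a web page.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        if line.startswith("config "):
            section, entry = line[7:], ""
        elif line.startswith("edit "):
            entry = line[5:].strip('"')
        elif line == "next":
            entry = ""
        elif line.startswith("set ") and section:
            key, *vals = line[4:].split()
            cfg.setdefault(section, {}).setdefault(entry, {})[key] = vals
    return cfg

def diagnose(cfg, iface, admin, client_ip):
    """Run the article's three checks; return (findings, https_port)."""
    findings = []
    access = cfg.get("system interface", {}).get(iface, {}).get("allowaccess", [])
    if not {"http", "https"} & set(access):
        findings.append(f"{iface}: allowaccess has neither http nor https")
    admin_cfg = cfg.get("system admin", {}).get(admin, {})
    nets = [ipaddress.ip_network("/".join(v), strict=False)
            for k, v in admin_cfg.items() if k.startswith("trusthost")]
    # Assumption: no trusthost line in "show" output means no source-IP restriction.
    if nets and not any(ipaddress.ip_address(client_ip) in n for n in nets):
        findings.append(f"{admin}: {client_ip} matches no trusthost")
    # "show" hides default ports, so a missing admin-sport means 443.
    port = int(cfg.get("system global", {}).get("", {}).get("admin-sport", ["443"])[0])
    return findings, port
```

An empty findings list means the interface and trusted-host checks passed, and the returned port is the one to put in the https:// URL.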