Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Ylli_Seitaj
Staff
Staff

Created on ‎12-28-2023 10:24 AM

Article Id 291152

Troubleshooting Tip: How to fix 'HTTP 401 Unauthorized', which prevents GUI access and causes issues with SSH

Description

This article describes how to fix the 'HTTP 401 Unauthorized' error, which prevents GUI access and causes issues with SSH.
Scope FortiOS v7.2.4.
Solution

Brief network flow: 

FortiGate-1 - IPSec tunnel - (management interface) FortiGate-2

 

  1. Run the following commands to debug any GUI issues:
     

diagnose debug application httpsd -1

diagnose debug enable

 

  1. After running the above commands, try to access the GUI in order to reproduce the issue.

  2. Check the debug logs to see if the following sentence is present:

Completed GET request for '/api/v2/monitor/web-ui/extend-session' (HTTP 401 Unauthorized)

 

  1. On both ends of the IPsec tunnel under the Firewall Policies for the IPsec tunnel, change the 'tcp-mss-sender' and 'tcp-mss-receiver' values to 1350 with the following commands:

 

On FortiGate-1 and FortiGate-2:

 

config firewall policy
    edit <policy id>
       set tcp-mss-sender 1350

       set tcp-mss-receiver 1350

    next
end

 

After executing these commands, the GUI should be accessible and the SSH should work without any issues.
561
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.