drabbert
New Member
June 21, 2014
Question

Authentication failure on SSL-VPN

  • June 21, 2014
  • 13 replies
  • 24869 views
Hi, I'm trying to set up an SSL-VPN to my FortiWifi 60D and get a login failure when I try to log in. The logging says: Administrator Erwin login failed from https(.....) because of invalid user name. So it seems that I'm trying to connect to the admin page with my VPN user. Could someone help me on this and tell me how I should connect to the SSL-VPN portal? Thanks.


    Dipen
    New Member
    June 21, 2014
    What is your user database? Is it local or remote [LDAP]? Also, what's your SSL-VPN port? You should set it to 10443, preferably. If you want to use simply 443 for SSL-VPN, then please change the default admin port to 4433 instead of 443. What page are you getting when you punch in the URL in the browser? The Admin Login Page & SSL-VPN login page are easily distinguishable.
    emnoc
    New Member
    June 21, 2014
    What port is your SSLVPN bound to? What interface? e.g.
        diag sys tcpsock | grep 0.0.0
    Look at the 0.0.0.0 and find your port or modify it in your SSL configurations. It seems like you have a conflict on the port you're accessing. So I would check the client URL or port setting.
    Dipen
    New Member
    June 21, 2014
    In FortiOS 5.2 they have finally given the port-binding for SSL-VPN in the GUI. In earlier versions, what is the command to do that?
    Dipen
    New Member
    June 21, 2014
    Please use different ports for the Admin GUI & SSL-VPN. Port numbers are up to you, no hard requirements ;)
    drabbert
    Author
    New Member
    June 21, 2014
    Thank you all for your replies. I've changed the port for the admin page and left the port of the SSL portal at 443. The admin page works on the new port, the SSL portal does not show up. So the SSL portal page seems not to be working; do I have to enable it somewhere, or do I need to bind it to the WAN interface?
    emnoc
    New Member
    June 21, 2014
    Yes, you need to configure it in the settings; it's enabled by interface in the WebGUI.
    Dipen
    New Member
    June 22, 2014
    I heard that prior to FortiOS 5.2 the interface binding was possible through the CLI. I searched the CLI Reference Guides but couldn't find it. Any suggestions for FortiOS 5.0.x?
    drabbert
    Author
    New Member
    June 21, 2014
    I cannot find this in the GUI, where could I find this? Do you know the CLI commands for this setting? The documentation says:

        The SSL VPN settings page, found at VPN > SSL > Settings, has been reorganized to be more intuitive. The settings are now found in the following sections:
          • Connection Settings define how users connect and interact with an SSL VPN portal. This section includes Listen on Interface(s), Idle Logout, and Server Certificate.

    But in the GUI of my FortiWifi 60D I cannot find this; also the structure of the menu is different: VPN -> SSL -> Config. I can set the port but I cannot bind interfaces.
    emnoc
    New Member
    June 21, 2014
    What version of OS are you running? The above is from 5.2 GA. CLI cmd configuration:
        config vpn ssl settings
            set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
            set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
            set port 10442
            set source-interface "internal1" "internal3"
    drabbert
    Author
    New Member
    June 22, 2014
    I'm running FWF60D-5.00-build228. The set source-interface command is not there:
        FWF60D4613015523 (settings) # set s
        sslvpn-enable    Enable/disable SSL-VPN.
        sslv2            Enable/disable allow SSLv2.
        sslv3            Enable/disable allow SSLv3.
        servercert       Server certificate.
    Probably it works differently in this version.
    emnoc
    New Member
    June 22, 2014
    Did you check if SSL VPN was enabled? (the first line in your output)
        config vpn ssl settings
            set sslvpn-enable enable   <------ here
            set sslv3 enable
    or
        get vpn ssl settings
        sslvpn-enable : enable
        sslv3 : enable
        dns-server1 : 0.0.0.0
        dns-server2 : 0.0.0.0
        route-source-interface: disable
        reqclientcert : disable
        sslv2 : disable
        force-two-factor-auth: disable
        force-utf8-login : disable
        servercert : self-sign
        algorithm : default
        idle-timeout : 300
        auth-timeout : 28800
        tunnel-ip-pools:
            == [ SSLVPN-P-TUN-0 ]
            name: SSLVPN-P-TUN-0
        portal-heading : (null)
        wins-server1 : 0.0.0.0
        wins-server2 : 0.0.0.0
        url-obscuration : disable
        http-compression : disable
    drabbert
    Author
    New Member
    June 22, 2014
    SSL seems to be enabled; could there be a problem with a policy or interface setting?
        FWF60D4613015523 # get vpn ssl settings
        sslvpn-enable : enable
        sslv3 : enable
        tlsv1-0 : enable
        tlsv1-1 : enable
        tlsv1-2 : enable
        dns-server1 : 8.8.8.8
        dns-server2 : 0.0.0.0
        route-source-interface: disable
        reqclientcert : disable
        sslv2 : disable
        allow-ssl-big-buffer: disable
        allow-ssl-insert-empty-fragment: enable
        allow-ssl-client-renegotiation: disable
        force-two-factor-auth: disable
        force-utf8-login : disable
        servercert : self-sign
        algorithm : default
        idle-timeout : 300
        auth-timeout : 28800
        tunnel-ip-pools:
            == [ SSLVPN_TUNNEL_ADDR1 ]
            name: SSLVPN_TUNNEL_ADDR1
        tunnel-ipv6-pools:
        dns-suffix :
        wins-server1 : 0.0.0.0
        wins-server2 : 0.0.0.0
        ipv6-dns-server1 : ::
        ipv6-dns-server2 : ::
        ipv6-wins-server1 : ::
        ipv6-wins-server2 : ::
        url-obscuration : disable
        http-compression : disable
        http-only-cookie : enable
        port : 443
        port-precedence : enable
        auto-tunnel-static-route: enable
        auto-tunnel-policy : enable
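
Added example, not part of the thread and not Fortinet code: a small Python audit of the `get vpn ssl settings` output format posted above. It flags the admin GUI / SSL-VPN port collision discussed in the replies, plus legacy protocol and certificate settings visible in that output. The admin HTTPS port does not appear in this output, so `admin_https_port` is an assumed caller-supplied value, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the `get vpn ssl settings` output in the thread.
SAMPLE = """\
FWF60D4613015523 # get vpn ssl settings
sslvpn-enable : enable
sslv3 : enable
tlsv1-0 : enable
sslv2 : disable
force-two-factor-auth: disable
servercert : self-sign
tunnel-ip-pools:
== [ SSLVPN_TUNNEL_ADDR1 ]
port : 443
"""

LEGACY_PROTOCOLS = ("sslv2", "sslv3", "tlsv1-0")


def parse_settings(text):
    """Parse 'key : value' lines into a dict; prompts and '== [ ... ]' rows are skipped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9-]+)\s*:\s*(\S.*)?$", line)
        if m:
            settings[m.group(1)] = (m.group(2) or "").strip()
    return settings


def audit(settings, admin_https_port):
    """Return findings; admin_https_port is an assumption supplied by the caller."""
    findings = []
    if settings.get("sslvpn-enable") != "enable":
        findings.append("SSL-VPN is disabled; the portal will not answer")
    if settings.get("port") == str(admin_https_port):
        findings.append("port %s is shared with the admin GUI" % settings["port"])
    for proto in LEGACY_PROTOCOLS:
        if settings.get(proto) == "enable":
            findings.append("legacy protocol enabled: " + proto)
    if settings.get("servercert") == "self-sign":
        findings.append("self-signed server certificate")
    if settings.get("force-two-factor-auth") == "disable":
        findings.append("two-factor authentication not enforced")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_settings(SAMPLE), admin_https_port=443):
        print("-", finding)
```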