funkylicious
SuperUser
October 16, 2024
Question

FortiClient - disconnect/reconnect issue


Hi,


Has anyone encountered the situation where a user is disconnected by the idle-timeout (300s), the "Reconnecting" just keeps happening after a good couple of seconds (about 60s), and there are lots of logs with "SSL web application blocked"?

FGT: 7.0.15 and FCT 7.2.4 (other FCT versions also have this issue)

The sslvpn configuration looks like this (some lines have been left out):


config vpn ssl settings
    set ssl-min-proto-ver tls1-1
    set banned-cipher CAMELLIA 3DES SHA1 STATIC
    set ssl-client-renegotiation enable
    set auth-timeout 43200
    set login-attempt-limit 3
    set login-block-time 300
    set idle-timeout 300
    set login-timeout 120
    set dtls-hello-timeout 30
    set default-portal "no-access"
    config authentication-rule
        edit 1
            set groups "SSLVPN"
            set portal "tunnel-access"
        next
    end
    set tunnel-connect-without-reauth enable
    set tunnel-user-session-timeout 60
end


config vpn ssl web portal
    edit "tunnel-access"
        set tunnel-mode enable
        set forticlient-download disable
        set save-password enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
    edit "no-access"
        set forticlient-download disable
    next
end


I also replaced the default SSLVPN login page available from the Internet with an empty page that has a custom page title:


config system replacemsg-group
    edit "default"
        set comment "Default replacement message group."
        config sslvpn
            edit "sslvpn-login"
                set buffer "<!DOCTYPE html><html lang=\"en\" class=\"main-app\"> <head> <meta charset=\"UTF-8\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <link href=\"/css/main-blue.css\" rel=\"stylesheet\" type=\"text/css\"> <title> Invalid page </title> </head> <body> <div class=\"view-container\"> <form class=\"prompt\" action=\"%%SSL_ACT%%\" method=\"%%SSL_METHOD%%\" name=\"f\" autocomplete=\"off\"> </form> </div> </body></html>"
                set header http
                set format html
            next
        end
    next
end


The log entries look like this:

Action       ssl-web-deny
Reason       unknown
Tunnel Type  ssl-web
Message      SSL web application blocked


[Attached screenshot: prntscr.png]

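To triage the pattern described in the question from raw logs rather than from the GUI, here is an added example (not part of the original post and not Fortinet's code): a Python script that parses FortiGate key=value event-log lines, groups them per user, and flags every tunnel-down that is followed by a burst of ssl-web-deny entries before the next tunnel-up. The sample lines are constructed to imitate the FortiGate log format and carry only the fields visible on this page (action, tunneltype, reason, msg) plus date/time, user and remip; the user names, addresses, timings and the window/burst thresholds are my assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real FortiGate output). They imitate the
# FortiGate key=value syslog format; users, addresses and timestamps are
# invented. "alice" shows the reconnect storm from the question, "bob" a
# clean reconnect, "carol" a lone deny with no preceding tunnel-down.
SAMPLE_LOGS = """\
date=2024-10-16 time=09:00:00 type="event" subtype="vpn" action="tunnel-down" tunneltype="ssl-tunnel" remip=203.0.113.10 user="alice" group="SSLVPN" reason="N/A" msg="SSL tunnel shutdown"
date=2024-10-16 time=09:00:02 type="event" subtype="vpn" action="ssl-web-deny" tunneltype="ssl-web" remip=203.0.113.10 user="alice" group="SSLVPN" reason="unknown" msg="SSL web application blocked"
date=2024-10-16 time=09:00:12 type="event" subtype="vpn" action="ssl-web-deny" tunneltype="ssl-web" remip=203.0.113.10 user="alice" group="SSLVPN" reason="unknown" msg="SSL web application blocked"
date=2024-10-16 time=09:00:22 type="event" subtype="vpn" action="ssl-web-deny" tunneltype="ssl-web" remip=203.0.113.10 user="alice" group="SSLVPN" reason="unknown" msg="SSL web application blocked"
date=2024-10-16 time=09:00:32 type="event" subtype="vpn" action="ssl-web-deny" tunneltype="ssl-web" remip=203.0.113.10 user="alice" group="SSLVPN" reason="unknown" msg="SSL web application blocked"
date=2024-10-16 time=09:00:42 type="event" subtype="vpn" action="ssl-web-deny" tunneltype="ssl-web" remip=203.0.113.10 user="alice" group="SSLVPN" reason="unknown" msg="SSL web application blocked"
date=2024-10-16 time=09:00:52 type="event" subtype="vpn" action="ssl-web-deny" tunneltype="ssl-web" remip=203.0.113.10 user="alice" group="SSLVPN" reason="unknown" msg="SSL web application blocked"
date=2024-10-16 time=09:01:01 type="event" subtype="vpn" action="tunnel-up" tunneltype="ssl-tunnel" remip=203.0.113.10 user="alice" group="SSLVPN" reason="N/A" msg="SSL tunnel established"
date=2024-10-16 time=09:05:00 type="event" subtype="vpn" action="tunnel-down" tunneltype="ssl-tunnel" remip=198.51.100.7 user="bob" group="SSLVPN" reason="N/A" msg="SSL tunnel shutdown"
date=2024-10-16 time=09:05:03 type="event" subtype="vpn" action="tunnel-up" tunneltype="ssl-tunnel" remip=198.51.100.7 user="bob" group="SSLVPN" reason="N/A" msg="SSL tunnel established"
date=2024-10-16 time=09:10:00 type="event" subtype="vpn" action="ssl-web-deny" tunneltype="ssl-web" remip=192.0.2.44 user="carol" group="SSLVPN" reason="unknown" msg="SSL web application blocked"
"""

# key=value pairs; values are either double-quoted or a bare token.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict and add a datetime under "ts"."""
    fields = {}
    for key, quoted, bare in KV_RE.findall(line):
        fields[key] = quoted if quoted else bare
    fields["ts"] = datetime.strptime(
        f'{fields["date"]} {fields["time"]}', "%Y-%m-%d %H:%M:%S")
    return fields


def find_reconnect_loops(lines, window=timedelta(seconds=120), min_denies=3):
    """Per user, report each tunnel-down followed by >= min_denies ssl-web-deny
    events before the next tunnel-up (or before the window expires).
    window and min_denies are assumed thresholds, not Fortinet values."""
    events = sorted((parse_line(l) for l in lines if l.strip()),
                    key=lambda e: e["ts"])
    by_user = defaultdict(list)
    for e in events:
        by_user[e.get("user", "")].append(e)

    findings = []
    for user, evs in by_user.items():
        for i, down in enumerate(evs):
            if down.get("action") != "tunnel-down":
                continue
            denies, up = [], None
            for e in evs[i + 1:]:
                if e["ts"] - down["ts"] > window:
                    break
                if e.get("action") == "ssl-web-deny":
                    denies.append(e)
                elif e.get("action") == "tunnel-up":
                    up = e
                    break
            if len(denies) >= min_denies:
                findings.append({
                    "user": user,
                    "remip": down.get("remip"),
                    "tunnel_down_at": down["ts"].isoformat(),
                    "denies": len(denies),
                    "reconnect_after_s": (int((up["ts"] - down["ts"]).total_seconds())
                                          if up else None),
                })
    return findings


if __name__ == "__main__":
    for f in find_reconnect_loops(SAMPLE_LOGS.splitlines()):
        print(f)
```

On the constructed input only "alice" is reported: six denies with reason "unknown" between the tunnel-down and a tunnel-up 61 seconds later, which is the shape of the behaviour the question describes. A tunnel-down that is followed directly by a tunnel-up, or a deny with no preceding tunnel-down, is left alone, so the script separates reconnect loops from ordinary reconnects and from isolated web-mode denials.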

ndumaj
Staff
October 16, 2024

Hi @funkylicious 

Try modifying the login-timeout and dtls-hello-timeout:
config vpn ssl settings
set login-timeout 180
set dtls-hello-timeout 60
end

Please review the following articles:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enhance-SSL-VPN-Performance-with-DTLS-Protocol-and/ta-p/284891
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Common-SSL-VPN-problems-and-their-solutions/ta-p/191396

BR
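To apply the values suggested in the reply against the configuration posted in the question and see exactly which settings would change, here is an added example (not from either post and not Fortinet's code): a small Python parser for FortiOS CLI text (config/edit/set/next/end nesting) that extracts the SSL VPN timers and emits a CLI snippet containing only the settings whose current value differs from the proposed one. The sample configuration is the `config vpn ssl settings` block from the question; the proposed values are the ones in the reply; the function names and the list of timers are my own choices.

```python
import shlex

# The "config vpn ssl settings" block as posted in the question.
SAMPLE_CONFIG = """\
config vpn ssl settings
    set ssl-min-proto-ver tls1-1
    set banned-cipher CAMELLIA 3DES SHA1 STATIC
    set ssl-client-renegotiation enable
    set auth-timeout 43200
    set login-attempt-limit 3
    set login-block-time 300
    set idle-timeout 300
    set login-timeout 120
    set dtls-hello-timeout 30
    set default-portal "no-access"
    config authentication-rule
        edit 1
            set groups "SSLVPN"
            set portal "tunnel-access"
        next
    end
    set tunnel-connect-without-reauth enable
    set tunnel-user-session-timeout 60
end
"""

# Timers involved in the disconnect/reconnect behaviour discussed in the
# thread (my selection, not an official list).
TIMERS = ("idle-timeout", "login-timeout", "dtls-hello-timeout",
          "tunnel-user-session-timeout", "auth-timeout")


def parse_fortios(text):
    """Parse FortiOS CLI text into nested dicts.

    'config X' and 'edit Y' open a nested dict keyed by X or Y, 'set K V...'
    stores the value tokens as a list, 'unset K' drops a key, and
    'next'/'end' close the current level.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # handles the quoted values FortiOS emits
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        cur = stack[-1]
        if cmd in ("config", "edit"):
            stack.append(cur.setdefault(" ".join(args), {}))
        elif cmd == "set":
            cur[args[0]] = args[1:]
        elif cmd == "unset":
            cur.pop(args[0], None)
        elif cmd in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root


def ssl_settings_timers(tree):
    """Return the SSL VPN timer values (seconds) present in the config."""
    settings = tree.get("vpn ssl settings", {})
    return {k: int(settings[k][0]) for k in TIMERS if k in settings}


def cli_changes(tree, proposed):
    """Emit a FortiOS CLI snippet with only the settings whose current
    value differs from `proposed`; return "" if nothing would change."""
    settings = tree.get("vpn ssl settings", {})
    lines = [f"    set {k} {v}" for k, v in proposed.items()
             if settings.get(k) != [str(v)]]
    if not lines:
        return ""
    return "\n".join(["config vpn ssl settings", *lines, "end"])


if __name__ == "__main__":
    tree = parse_fortios(SAMPLE_CONFIG)
    print("current timers:", ssl_settings_timers(tree))
    # The reply's values; idle-timeout 300 is already set, so it is omitted.
    print(cli_changes(tree, {"login-timeout": 180,
                             "dtls-hello-timeout": 60,
                             "idle-timeout": 300}))
```

Run against the posted block, the script reports idle-timeout 300, login-timeout 120, dtls-hello-timeout 30, tunnel-user-session-timeout 60 and auth-timeout 43200, and the generated snippet contains just the two `set` lines from the reply. Keeping the generated change minimal is the point: it is the snippet you would paste into the CLI and the one you would diff in a change record.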

funkylicious
SuperUser
October 16, 2024

Hi,
I will try them, but for now we have increased the idle-timeout so it never disconnects the users; I will try them as well if needed.

I was curious about the logs and why they were present during the reconnect.


Thanks.

"jack of all trades, master of none"