New Member

Question

FortiManager GUI login Issue

Forum|Forum|3 years ago
November 14, 2022
5 replies
3184 views

Has anyone ever experienced and issue FortiManager immediately logging out Admins 10-30 seconds after logging into the GUI?

For the passed year FMgr has been working fine, we typically authenticate via SSO with Okta as the IdP. For the passed year no issues, we've made the internal decision to move all SSO authentication to Azure where possible to slowly phase out Okta.

I was able to successfully switch to Azure as the SSO IdP and things worked great with no issues. About a week later one of my counterparts reported issues of him not being able to stay logged into FMgr.

I troubleshot and confirmed what he was reporting. I tried from multiple machines, browsers (private & incognito), cleared cache....still the same results. After looking at logs on the Azure side, it seemed that it was receiving a "logoff" request, which essentially logged the user out.

To troubleshoot further I removed all SSO settings on the FMgr side leaving only the local Super Admin account and the issue persisted even with the local account.

I do have a ticket open with TAC and was able to demonstrate the issue via screen share, after about 2hrs of diags and DB clean-ups, nothing seems to help.

Their level 3's are asking for event logs but as you guessed, I can't stay logged in long enough to download them

We're hosting both FortiManager and FortiAnalyzer appliances in the Azure and both are having the same issue. I am trying to do everything possible to not have to rebuild both VMs as that would be a pain with all the Gates we have deployed already

I created a video illustrating the issue (please excuse the Camtasia, watermark...LOL)

The issue is with the GUI only, I can SSH into both appliances and stay logged in until the configured timeout.

The community has always been helpful so as always, any help or comments are very much appreciated.

Fortimanager

Anthony_E

Staff

Hello,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Best Regards

Anthony_E

Staff

Hello,

I found this answer from a reddit user which can be useful:

'To give a bit more context, every few seconds your browser will be sending a request to the FAZ/FMG

/cgi-bin/module/HeartBeat

if this is load balanced in some way, and appears from a new source IP - it will trigger a logout of the system. I haven't been able to figure a way out of this system - so had to pin the FAZ/FMG traffic into my azure hosted systems to a single IP address, as the load balancing I was using was trying to maximise bandwidth across both links.'

Regards,

Best Regards

Ahilan

New Member

Hi,

I am also facing same issue, so please tell me what need to do here,so

I need to change something in azure side. So please help me resolve this issue.

filiaks1

Explorer III

Have you checked the logs or done basic investigation? Maybe check cpu/memory and httpds/httpd processes?

Usually for high cpu/memory the non esential processes are impacted first like GUI.

Restarting httpsd on Fortimanager 7.4.1 - Fortinet Community

debug | FortiManager 7.6.3 | Fortinet Document Library

DMworker high CPU troubleshooting under F... - Fortinet Community

Also see for your version known issues Known issues | FortiManager 7.6.3 | Fortinet Document Library as who knows upgrade could be the way.

sowens

New Member

We experience the same issue and investigating logs it appears to be the source IP changing as mentioned by Anthony_E. Each time SD-WAN switches the traffic between providers it kicks me back to the login prompt on our Azure hosted Fortigate. The remote Physical appliances do not seem to do this.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded