Skip to main content
A
Anonymous_User
Contributor
November 19, 2008
Question

SSL VPN - Error: Permission Denied

  • November 19, 2008
  • 7 replies
  • 86703 views
I have walked through the " SSL VPN User Guide" and configured my FortiGate 100A as documented. I am able to access the Web Portal via IE, but when attempting to login I get the following error message: Error: Permission Denied I have checked my logs and I can see the login failures with a reason of " Unavail_Info" . I have configured the device to use LDAP authenticate (Windows 2003 Server Active Directory Domain Controller), however, I have also setup a local test user with a password to rule out any communication issues between the FortiGate and my AD Domain Controller. Does anyone have any suggestions?

    7 replies

    rwpatterson
    rwpatterson
    New Member
    November 19, 2008
    Welcome to the forums Have you enabled the user? Sounds silly, but I forget this one occasionally as well. Also is the user in a user group in a policy? What firmware version are you running?
    Carl_Wallmark
    Carl_Wallmark
    New Member
    November 19, 2008
    also, are you on the " outside" of the FG ??
    A
    Anonymous_UserAuthor
    Contributor
    November 19, 2008
    I am on the outside of the network attempting to login from the " internet" . I am running - 3.00-b0730(MR7 Patch 1). What do you mean by " Have you enabled the user?" ? I have created the account and joined it to a User Group. The User Group is listed on my WAN - Internal (SSL-VPN) firewall policy. Is there something else that I have to do to " enable" the user?
    rwpatterson
    rwpatterson
    New Member
    November 21, 2008
    If you are using a local user, you must enable them. The user group could be there, but if the local user is disabled for access, you will not get in. Disregard if you are using LDAP or FSAE.
    A
    Anonymous_UserAuthor
    Contributor
    December 4, 2008
    hello i have the same problem with FG 100A. but how i can enable local users? the Firmware Version is: 3.00-b0662(MR6 Patch 1). i do all possible ways of configuration by following all ssl guides and hints of this forum members but the problem stay. please what should i do? Regards Issam
    Seppel
    Seppel
    New Member
    November 21, 2008
    Hi Please activate the enable web application option and also one ore more option from this. regards
    A
    Anonymous_UserAuthor
    Contributor
    November 21, 2008
    Thank you all for your suggestions. I was able to resolve this issue today. I had to move the " SSL VPN Authentication Policy" (WAN1 > Internal1, Action SSL-VPN) to the top of the list. Once I did that I was able to authenticate.
    support12
    support12
    New Member
    December 6, 2008
    Do this. Delete the policy. Create again and move on top. It works for me.
    A
    Anonymous_UserAuthor
    Contributor
    December 6, 2008
    thank you now i can login but still cannot access internet through ssl
    daveywavey
    daveywavey
    New Member
    December 6, 2008
    Also check you Schedule on your policy.
    Terms & ConditionsAccessibility statement