Contributor
March 1, 2010
Question

SSL VPN permission denied

Dear All, please help me with this issue. I configured SSL VPN on my FortiGate 60B. While accessing the SSL VPN login page I put in the correct user credentials, but it displayed "permission denied". Thanks in advance. FortiGate 60B, OS 4.0.0

    6 replies

    Carl_Wallmark
    New Member
    March 1, 2010
    Hi, what network are you trying from? You must "dial in" from the external network (Internet).
    Contributor
    March 1, 2010
    Thanks for your reply. I log in to the SSL VPN from the external network (Internet).
    Carl_Wallmark
    New Member
    March 1, 2010
    Do you have an SSL VPN policy on top of your policies? Is your user account a member of the SSL VPN group?
    darrencarr
    New Member
    March 1, 2010
    How are you attempting to authenticate? Local user or remote (LDAP, RADIUS)?
    Contributor
    March 2, 2010
    Thanks for your reply. The SSL VPN policy is on top of the policies. I am using local user authentication. I attached the users to the SSL VPN group.
    Contributor
    March 7, 2010
    To enable SSL VPN on FG
    • VPN-SSL- Config- enable
    • Define an IP pool: Edit- Select an IP pool range for the global SSL - If no pool has been created: Firewall-Address-create a range of IP addresses for the pool
    • Define a DNS server: Advanced- DNS server #1- apply settings
    • Customize/create new portal page
    • To customize/create the portal page: VPN-SSL-Portal- Create new- enable required applications- apply settings

    To enable split tunneling
    • Click on the created portal page name- Add widgets- Tunnel mode-
    • Edit the tunnel-Name- select IP mode as range
    • Under IP pool- edit- Select the created IP pool range (SSL IP pool range)
    • Apply the settings
    ----------
    Create users:-
    • User-Local-Create new- (Username) - (password)
    • Add users into the SSL group: User-User group-Create new- Name-Type as SSL- Move available users into Members
    ---------
    Create Firewall policy
    • Firewall- Policy- policy
    • External > Internal, with the action set to SSL, destination as the created network and with an SSL user group
    • ssl.root > Internal, with the action set to Accept
    • Internal > ssl.root, with the action set to Accept.
    • Access also requires a new static route: Destination network - <ssl tunnel mode assigned range> interface ssl.root.
    • Apply settings

    Test it from the Internet (outside your network). I hope this will help you. Normally the permission denied will happen when there is any wrong configuration or the user account might be disabled.