Skip to main content
ecardona
ecardona
Visitor III
May 6, 2026
Question

Strange Login Failure (Credential Error) Isolated to Specific Web Site - Policy/UTM Ruled Out

  • May 6, 2026
  • 2 replies
  • 43 views

Hi everyone,

I’m encountering a very specific and unusual issue with a web application login that only occurs within one of our corporate networks. I’m hoping someone has encountered something similar.

 

The Problem:
Users at "Site A" can load the website perfectly. However, when attempting to log in, the application returns a "Wrong Credentials" error.

 

The Conflict:

Using the exact same credentials from "Site B" (which has an identical FortiGate setup and security policies), the login is successful.

Using the same credentials from home networks or mobile hotspots, the login is successful.

The issue persists at "Site A" even with FortiClient disconnected.

 

Troubleshooting Performed at Site A (Problematic Site):

Security Profiles: Created a top-level "Full Access" policy with zero UTM/Security Profiles (No SSL inspection, no Web Filter, no App Control). The issue persists.

SD-WAN & Routing: Forced traffic through a single ISP member using a specific SD-WAN rule to ensure no asymmetric routing or IP switching. No change.

NAT: Tested with and without "Preserve Source Port."

FortiClient: Completely shut down the FortiClient agent on the endpoint to rule out local endpoint control.

DNS: Verified that the site resolves to the same IP address as it does on working networks.

 

Environment Details:

FortiGate Model: 40F

Firmware Version: 7.4.11

 

Has anyone seen a case where a FortiGate causes an application-level credential error despite security profiles being disabled? Any advice on specific diag sniffer packet or diag debug flow filters to catch why this specific site is behaving differently?

Thanks in advance!

2 replies

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
May 6, 2026

Since it’s loading fine and the failure happens above HTTP/HTTPS protocol, only thing I can think of is the site is blocking access from Site A (IP?) specifically. Try changing the IP by hooking up 5G/4G router or something to the 40F then try logging in. Or skip that test and just contacting who is hosting the website.

Toshi

    ecardona
    ecardonaAuthor
    Visitor III
    May 6, 2026

    Thanks for your reply.

    I should mention that at location A we have two different ISPs, and we've run tests with both IP addresses without success.

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    May 6, 2026

    That fact wouldn’t change the possibility those two IPs might be blocked.
    Other possibility was like MTU issue. But if that’s the case, I wouldn’t expect both two circuits have the same problem or the location would have more obvious symptom caused by the MTU issue like very slow connections, etc.You can try lowering the MSS size at the policies to rule it out.

    Toshi

      msanjaypadma
      Staff
      msanjaypadma
      Staff
      May 7, 2026

      Hi ​@ecardona ,

      Have you attempted bypassing the FortiGate device by connecting the direct ISP link to a single laptop, ensuring that the WAN IP address configured on the FortiGate WAN interface is applied to the test laptop? This will help verify whether the issue is related to the FortiGate device. If the problem persists after this test, then contact the site administrator for any blacklist ip address?

      Thanks,
      Mayur Padma

        Terms & ConditionsAccessibility statement