FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes the reason behind the 'Access Denied' error while accessing the Virtual Server with HTTP and HTTPS cookie persistence.
Scope FortiGate.

The HTTP cookie persistence ensures that the user should connect to the same server, however, if that server gets unreachable then the user will face the 'Access Denied' error.




To fix the issue, it could be understood with the help of the below Virtual Server configuration.


# config firewall VIP
        set type server-load-balance
        set server-type https
        set extport 443
        set extintf wan1
        set extip
        set persistence http-cookie


# config realservers
    edit 1
        set ip
        set port 80
    edit 2
        set ip
        set port 80
    edit 3
        set ip
        set port 80


If the real server becomes unreachable then the users trying to access the Virtual Server with the HTTP cookies already injected in the user's web browser will face an 'Access Denied' error.


The rest of the real servers and would be accessible using their respective HTTP cookies already injected in the user's web browsers.


New users with no HTTP cookies stored in the Web Browser will not face any issues as a new session would be created either with a real server or according to the Load Balance Method configured.

Related Article: