This article describes how randomly failing SSLVPN authentication with Fortitoken push can be fixed.
With the default, set auth-session-check-source-ip enable, the auth fails if the Token arrives from a different IP address than the initial session:
2021-12-04 12:45:20 [177:root:fd]SSL state:SSL negotiation finished successfully (10.255.255.2)
With 'set auth-session-check-source-ip disable', the auth goes thru even if the token comes in from a different IP address:
2021-12-04 12:50:31 [177:root:105]SSL state:SSL negotiation finished successfully (10.255.255.2)
Before 6.2.0, the behaviour is to drop an auth attempt with multiple IP addresses, and it cannot be changed. Failing auth attempts are expected.
# config vpn ssl settings