Description |
This article describes how randomly failing SSLVPN authentication with Fortitoken push can be fixed.
|
Scope | |
Solution |
With the default, set auth-session-check-source-ip enable, the auth fails if the Token arrives from a different IP address than the initial session:
2021-12-04 12:45:20 [177:root:fd]SSL state:SSL negotiation finished successfully (10.255.255.2)
With 'set auth-session-check-source-ip disable', the auth goes thru even if the token comes in from a different IP address:
2021-12-04 12:50:31 [177:root:105]SSL state:SSL negotiation finished successfully (10.255.255.2)
Before 6.2.0, the behaviour is to drop an auth attempt with multiple IP addresses, and it cannot be changed. Failing auth attempts are expected.
# config vpn ssl settings
Related document. https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/281620/vpn-ssl-settings |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.