Technical Tip: SSL VPN login blank page due to changing Public IP

darisandy · ‎09-11-2025

Description

This article describes the issue of a blank page after a successful SSL VPN web login due to a changing public IP address.

Scope

FortiGate v7.4.7 and v7.4.8.

Solution

Certain Mobile Service Providers assign a public IP address to a client and change it very often, periodically.

Using v7.4.7, this does not seem to be affecting the SSL VPN Web Mode connection. But after the upgrade to v7.4.8, the client is getting a blank page after a successful SSL VPN login.

The debug on version v7.4.8 showed this error.

[318:root:5]deconstruct_session_id:494 decode session id ok, user=[user01], group=[VPN_Users],authserver=[user01],portal=
[full-access],host[182.2.143.36],realm=[],csrf_token=[E5F22F1885A72BC78E3C32FBCC44AAB],idx=2,auth=1,sid=3ea08db4,login=1757390754,access=1757390754,
saml_logout_url=no,pip=no,grp_info=[3Zgl94],rmt_grp_info=[]
[318:root:5]get_shm_session:1388 source ip check failed <----

To mitigate this, there is an option in the VPN settings that can be disabled.

config vpn ssl settings
set auth-session-check-source-ip disable
end

SSL VPN will be limited to specific FortiGate models; refer to this KB article: Technical Tip: SSL VPN support on FortiGate models for more information. Web Mode will be referred to as Agentless VPN.

Related article:

Troubleshooting Tip: SSL VPN Troubleshooting

Technical Tip: SSL VPN login blank page due to changing Public IP

You are leaving our website