darisandy
Staff
Article Id 410556
Description This article describes the issue of a blank page after a successful SSL VPN web login due to a changing public IP address. 
Scope FortiGate versions 7.4.7 and 7.4.8.
Solution

Certain mobile service providers assign a public IP address to a client and change it periodically, sometimes within a few seconds.

On FortiOS v7.4.7, this does not appear to affect SSL VPN Web Mode connections. After an upgrade to v7.4.8, however, the client gets a blank page after a successful SSL VPN login.

The debug output on v7.4.8 shows this error:

 

[318:root:5]deconstruct_session_id:494 decode session id ok, user=[user01], group=[VPN_Users],authserver=[user01],portal=
[full-access],host[182.2.143.36],realm=[],csrf_token=[E5F22F1885A72BC78E3C32FBCC44AAB],idx=2,auth=1,sid=3ea08db4,login=1757390754,access=1757390754,
saml_logout_url=no,pip=no,grp_info=[3Zgl94],rmt_grp_info=[]
[318:root:5]get_shm_session:1388 source ip check failed  <----

 

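To mitigate this, disable the source IP check for authenticated sessions in the SSL VPN settings. With the check disabled, a session is no longer tied to the source IP address it was established from.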

 

config vpn ssl settings
    set auth-session-check-source-ip disable
end
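
To confirm which users are hitting the failed check before changing the setting, the debug output can be scanned for the failure line and matched to the session decoded just before it. This is an added example, not Fortinet code: the sample log is constructed (modelled on the output above, with documentation IP addresses), and it assumes that records sharing the same bracketed prefix belong to the same request.

```python
import re

# Constructed sample modelled on the debug output above (documentation IPs).
# The first record is wrapped over three lines, as in the article's capture.
SAMPLE = """\
[318:root:5]deconstruct_session_id:494 decode session id ok, user=[user01], group=[VPN_Users],portal=
[full-access],host[203.0.113.10],realm=[],idx=2,auth=1,sid=3ea08db4,login=1757390754,
saml_logout_url=no,pip=no,rmt_grp_info=[]
[319:root:6]deconstruct_session_id:494 decode session id ok, user=[user02], portal=[full-access],host[198.51.100.7],sid=00c0ffee
[318:root:5]get_shm_session:1388 source ip check failed  <----
"""

# Only "[number:name:hex]" starts a record; a wrapped "[full-access]" does not.
PREFIX = re.compile(r"^\[\d+:[^\]:]+:[0-9a-f]+\]")
RECORD = re.compile(r"^(\[[^\]]+\])(\w+):\d+ (.*)$")

def records(text):
    """Re-join wrapped physical lines into one string per debug record."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if PREFIX.match(line) or not out:
            out.append(line)
        else:
            out[-1] += line
    return out

def field(msg, name):
    """Value of name=[...]; the capture prints host[...] without '='."""
    m = re.search(r"\b" + name + r"=?\[([^\]]*)\]", msg)
    return m.group(1) if m else None

def failed_source_ip_checks(text):
    """Sessions whose decode is followed by 'source ip check failed'.
    Assumption: records sharing a bracketed prefix belong to one request."""
    last, hits = {}, []
    for rec in records(text):
        m = RECORD.match(rec)
        if not m:
            continue
        prefix, func, msg = m.groups()
        if func == "deconstruct_session_id":
            sid = re.search(r"\bsid=([0-9a-f]+)", msg)
            last[prefix] = dict(user=field(msg, "user"), host=field(msg, "host"), sid=sid and sid.group(1))
        elif func == "get_shm_session" and "source ip check failed" in msg:
            hits.append(last.pop(prefix, dict(user=None, host=None, sid=None)))
    return hits

if __name__ == "__main__":
    print(failed_source_ip_checks(SAMPLE))
```

The `host` value is the address stored in the session id, so each hit identifies a user whose request arrived from a different address than the one recorded for the session.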

 

SSL VPN Tunnel mode is no longer available in FortiOS v7.6.3 and above. Web Mode will be referred to as Agentless VPN.