Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
parthpatel
Staff
Staff

Created on ‎04-12-2023 10:24 PM Edited on ‎09-05-2024 11:10 PM By Community Manager

Article Id 252222

Technical Tip: SSL VPN user authentication issue when firewall is in NGFW policy-based mode

Description

 

This article describes that if the SSL VPN settings are already configured on the FortiGate running NGFW policy-based mode and have the policy under security policy, it still sends the error message stating 'Permission Denied' as the screenshot below.

 

MicrosoftTeams-image (14).png

Scope

 

FortiGate.

 

Solution

 

  • Within the Central SNAT section apply a policy the NAT option is disabled for this internal traffic.

 

central nat kb.png 

 

  • Check the ‘SSL Inspection and Authentication’ policy because if the policy is already configured under ‘Security Policy’ it will only be referred for UTM features.
  • To allow the traffic to pass through, it is necessary to configure the group under the ‘SSL inspection and Authentication’ as in the image below. This will ensure that VPN users are being authenticated properly while logging in.

 

KB2.PNG

-

Under this ‘SSL Inspection and Authentication,’ all the user groups need to be added.

Once the user group is added here, FortiGate will be able to authenticate the user without any issues.

831
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.