Jonathan_Body_FTNT
Article Id 193770

Description

This article describes troubleshooting steps to follow when the SSL VPN alert log message 'bad record mac' appears on a FortiGate.


Scope

FortiGate.


Solution

The following log may be seen when an SSL VPN dialer (client) fails to connect:

Log Number: 27
Last Activity: 2011-02-01 09:00:41
VDom: VD-CJG
Level: error
Subtype: sslvpn-session
Timestamp: 2011-02-01 09:00:14
Log ID: 39944
Device ID: FG3K8A3408600328
Cluster ID: FG3K8A3408600069_CID
Tunnel Type: ssl
Tunnel Action:
Remote IP: 1.1.1.1
Tunnel IP: 0.0.0.0
Alert: fatal
Description: bad record mac

Troubleshoot this issue as follows:

Open an SSH session to the FortiGate and collect the following debug from the CLI:

diagnose debug console timestamp enable
diag debug app sslvpn -1
diag debug enable

The sslvpn debug may show the following error message:

2022-06-21 13:26:20 [30569:root:7]SSL state:fatal bad record mac (81.43.106.186)
2022-06-21 13:26:20 [30569:root:0]ap_read,109, error=1, errno=0 ssl 0x34060000 Success. error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac

Open a second SSH session to the FortiGate and capture the SSL VPN traffic with the built-in sniffer, replacing <SSL vpn port> with the configured SSL VPN listening port:

diag sniffer packet any 'port <SSL vpn port>' 6 0 a

To check whether the error is linked to the CP6 content processor (SSL computation is offloaded to the CP), first display the current hardware acceleration status, then disable SSL VPN hardware acceleration from the CLI:

diagnose vpn ssl hw-acceleration-status

config system global
    set sslvpn-cipher-hardware-acceleration disable
    set sslvpn-kxp-hardware-acceleration disable
end

 
 
Note:
From FortiOS 7.2.1 onward, SSL VPN hardware acceleration has been removed. For more details, see the related document: Status of SSL VPN acceleration
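As an added triage helper (not part of this article or of FortiOS), the following Python parses the 'diag debug app sslvpn -1' output format shown above, counts fatal 'bad record mac' handshakes per remote IP and decodes the packed OpenSSL error code; the sample lines are constructed with RFC 5737 addresses. Failures spread across many peers point toward the gateway side (such as the CP offload checked above), while failures from a single peer point toward that client or its network path.

```python
import re
from collections import Counter

# Constructed sample of 'diag debug app sslvpn -1' output in the format the
# article shows (an "SSL state" line plus an ap_read line per failed handshake).
# Example data using RFC 5737 addresses, not a real capture.
SAMPLE_DEBUG = """\
2022-06-21 13:26:20 [30569:root:7]SSL state:fatal bad record mac (198.51.100.7)
2022-06-21 13:26:20 [30569:root:0]ap_read,109, error=1, errno=0 ssl 0x34060000 Success. error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac
2022-06-21 13:27:02 [30571:root:7]SSL state:fatal bad record mac (198.51.100.7)
2022-06-21 13:27:02 [30571:root:0]ap_read,109, error=1, errno=0 ssl 0x34060000 Success. error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac
2022-06-21 13:30:15 [30580:root:7]SSL state:fatal bad record mac (203.0.113.25)
2022-06-21 13:30:15 [30580:root:0]ap_read,109, error=1, errno=0 ssl 0x34060000 Success. error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac
"""

# The "SSL state" line carries the remote peer address in parentheses.
STATE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \[(?P<pid>\d+):(?P<vdom>[^:\]]+):\d+\]"
    r"SSL state:fatal bad record mac \((?P<ip>[^)]+)\)"
)
# The ap_read line embeds the packed OpenSSL error code as error:XXXXXXXX:.
ERR_RE = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):")

ERR_LIB_SSL = 20                                 # OpenSSL library id of libssl
SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC = 281  # reason 0x119 in the page's error


def decode_openssl_error(code: int) -> dict:
    """Unpack an OpenSSL 1.x ERR_PACK value: lib (8 bits) | func (12) | reason (12)."""
    return {"lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF}


def summarise(debug_text: str) -> dict:
    """Count fatal bad-record-mac handshakes per remote IP and confirmed reason codes."""
    per_ip, reasons = Counter(), Counter()
    for line in debug_text.splitlines():
        m = STATE_RE.match(line)
        if m:
            per_ip[m.group("ip")] += 1
            continue
        e = ERR_RE.search(line)
        if e:
            d = decode_openssl_error(int(e.group("code"), 16))
            reasons[(d["lib"], d["reason"])] += 1
    bad_mac = reasons[(ERR_LIB_SSL, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC)]
    # Failures spread over many peers suggest the gateway side (e.g. CP offload);
    # failures from a single peer suggest that client or its network path.
    return {"total": sum(per_ip.values()), "per_ip": dict(per_ip),
            "bad_mac_errors": bad_mac}
```

Run it against the saved output of the first SSH session; the per-IP counts tell you whether to focus on the gateway or on a particular client.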