Created on 02-24-2025 09:10 PM
A local user without MFA cannot connect to an SSL VPN. The SSL VPN debugs show 'too many login attempts'.
[180:root:1502010]sslvpn_authenticate_user:221 create fam state[180:root:1502010][fam_auth_send_req_internal:432] Groups sent to FNBAM:[180:root:1502010]group_desc[0].grpname = test-usergroup[180:root:1502010][fam_auth_send_req_internal:444] FNBAM opt = 0X200420[180:root:1502010]fam_auth_send_req_internal:513 fnbam_auth return: 4[180:root:1502010]fam_auth_proc_resp:1365 fnbam_auth_update_result return: 11 (too may login attempts)[180:root:1502010]login_failed:480 user[test],auth_type=1 failed [sslvpn_login_unknown_user][180:root:1502010]Transfer-Encoding n/a[180:root:1502010]Content-Length 237[180:root:1502010]Timeout for connection 0x7f6d08471000.
Check and clear if the user's public ip is listed in the SSL VPN block list:
diagnose vpn ssl blocklist list
diagnose vpn ssl blocklist del <user's_public_ip>
If the user's IP is not listed in the blocklist and still getting the above errors, restart the fnbamd process.
fnsysctl killall fnbamd
Related articles:
You are leaving our site and we cannot be held responsible for the content of external websites
