Shashwati
Staff
Article Id 259554
Description

This article describes how to fix an error that occurs with SSL VPN login where the user is informed that the tunnel interface is down.

Scope

FortiGate 6.X and 7.X

Solution

SSL VPN login error due to tunnel Interface down.

 

1) In the CLI, confirm the SSL VPN tunnel interface status:

 

config system interface
    edit ssl.root
        show

config system interface
    edit "ssl.root"
        set vdom "root"
        set allowaccess fabric
        set status down  -> [Tunnel status is down]
        set type tunnel
        set snmp-index 4
    next
end

 

2) Verify if the tunnel Interface Status is down and the allowaccess option is set to 'Fabric'. The tunnel status will not become 'Up' when allowaccess is set to 'Fabric'.

3) Unset the interface allowaccess setting.

4) Set the Interface Status to 'Up'.

 

Note: If 'Fabric' is enabled for allowaccess, the tunnel status cannot be changed.
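
The check from steps 1 and 2 can also be run offline against a saved configuration backup. The following is an added example, not part of the original article and not Fortinet code: it parses the 'config system interface' section and reports tunnel interfaces that are set to status down while 'fabric' is present in allowaccess. The sample configuration (including the 'port1' and 'ssl.vdom2' entries) and the function names are constructed for illustration.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set allowaccess ping https fabric
        set type physical
    next
    edit "ssl.root"
        set vdom "root"
        set allowaccess fabric
        set status down
        set type tunnel
        set snmp-index 4
    next
    edit "ssl.vdom2"
        set status down
        set type tunnel
    next
end
"""

def parse_interfaces(config_text):
    """Map each interface in 'config system interface' to its 'set' values."""
    interfaces, depth, in_section, current = {}, 0, False, None
    for raw in config_text.splitlines():
        # Split on whitespace, keeping double-quoted values as one token.
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)]
        if not tokens:
            continue
        if tokens[0] == "config":
            depth += 1
            if depth == 1:
                in_section = tokens[1:] == ["system", "interface"]
        elif tokens[0] == "end":
            depth -= 1
        elif in_section and depth == 1:  # ignore nested sub-tables
            if tokens[0] == "edit" and len(tokens) > 1:
                current = interfaces.setdefault(tokens[1], {})
            elif tokens[0] == "set" and current is not None and len(tokens) > 1:
                current[tokens[1]] = tokens[2:]
    return interfaces

def find_blocked_tunnels(config_text):
    """Tunnel interfaces that are down and have 'fabric' in allowaccess."""
    return [name for name, s in parse_interfaces(config_text).items()
            if s.get("type") == ["tunnel"] and s.get("status") == ["down"]
            and "fabric" in s.get("allowaccess", [])]
```

Against the constructed sample, only 'ssl.root' is reported: 'port1' has fabric access but is not a down tunnel interface, and 'ssl.vdom2' is down without 'fabric' in allowaccess.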

 

Related articles:

- https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/307303/ssl-vpn-split-tunnel-....

- https://community.fortinet.com/t5/FortiGate/Technical-Tip-Credential-or-SSL-VPN-configuration-is-wro....
