|
There can be a situation where some users cannot log in to the SSL VPN.
The message in the VPN logs will be as below:
date=2025-02-25 time=12:14:25 id=7475329010331811846 itime="2025-02-25 12:14:25" euid=1068 epid=104 dsteuid=3 dstepid=3 logver=702086525 logid=0101039426 type="event" subtype="vpn" level="alert" action="ssl-login-fail" msg="SSL user failed to logged in" logdesc="SSL VPN login fail" user="nihal.m@finaksglobal.com" remip=106.51.88.228 group="N/A" tunnelid=0 tunneltype="ssl-web" dst_host="N/A" reason="sslvpn_login_permission_denied" eventtime=1740485665233890680 tz="+0000" devid="FGVMPGTM24000744" vd="root" dtime="2025-02-25 12:14:25" itime_t=1740485665 devname="Bangalore_India"
The SSL VPN login process would be seen looping between 0% and 48%. Refer to this article, Troubleshooting Tip: Possible reasons for FortiClient SSL VPN connectivity failure at specific perce... to know the 'Possible reasons for FortiClient SSL VPN connectivity failure at specific percentages'
In FortiSASE, at times, it could be due to the user account not being activated.
Generally, the reason for 'Permission Denied' error while logging into SSL VPN will be Invalid Credentials. As the user is not activated through FortiSASE, the VPN client sees that user as invalid/non-existent.
In order to activate the user account, the user can do it from their Activation Email sent to them while onboarding to FortiSASE.
Activation email can be sent again using 'Resend Invitation Email' from the FortiSASE portal under Configuration -> Users & Groups -> User account.
If the user is already activated, then the credentials can be reset using the instructions from this Technical Tip: How to Reset Local User Password on FortiSASE.
|
