Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
papapuff
New Contributor II

can't login web portal vpn ssl

Hi there,

I use FG60D, and wanna use VPN web portal.

what I've done:

- create web tunnel

- set AV check

- create user and group, then add to portal mapping on menu vpn ssl setting

 

I can reach web portal over web browser, directly, using assigned port.

but I can't login, permission denied.

am I missed something?

 

unlucky for me, tried to search over forum and fortigate help, but can't find about complete guidance.

 

also, Can I disable this feature, in the future? I mean outside can't reach web portal.

 

please help. thank you.

1 Solution
shehab
New Contributor III

If you are reaching the web page in the browser, dose not mean you configured the portal / users correctly.

 

You are getting permission denied , because the user / group are not configured correctly.

 

I am not sure what you want to achieve but , you have to create a web-portal and assign users to it, in the web-portal you can enable either or both tunnel mode and web mode.

 

also, make sure you define the users inside the groups with out duplication , and at the end of the list you will see the default group assignment if the user is not defined in any group.

 

Regards,

Mahmood

View solution in original post

7 REPLIES 7
cwb2205
New Contributor

Are you adding the user directly to the SSLVPN Auth/ portal mapping or adding them to a group and adding the group to the mapping?

did you add a portal to the users auth /portal mapping?

NSE 7 ATP3.0

NSE 7 ATP3.0
Patel
New Contributor III

You will need a policy from the sslvpn.root(if using root vdom) interface to internal network or the other way around in order to make it work. Make sure you have at least one policy referring the SSL-VPN interface.

 

Regards,

Patel

shehab
New Contributor III

If you are reaching the web page in the browser, dose not mean you configured the portal / users correctly.

 

You are getting permission denied , because the user / group are not configured correctly.

 

I am not sure what you want to achieve but , you have to create a web-portal and assign users to it, in the web-portal you can enable either or both tunnel mode and web mode.

 

also, make sure you define the users inside the groups with out duplication , and at the end of the list you will see the default group assignment if the user is not defined in any group.

 

Regards,

Mahmood

neonbit
Valued Contributor

I'd recommend disabling the AV check to see if that's causing the issue.

emnoc
Esteemed Contributor III

You need to really start with "diag debug application sslvpnd -1" and see what happens wen that user login-in.

 

hint capture the output to a file.

 

My guess, you have auth-rule issues ( group, order,etc....), or if using a external authorizer that could be an issue also. The latter is easy to rule out.

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
papapuff
New Contributor II

hi there..

 

sorry late post.

I've resolved the issue.

suggestion by shehab worked for me.

add user to group, then add user to existing policy. that's how I resolve.

 

 

thanks all

tcendros
New Contributor

Seeams you have an issue with the user. Is a local or remote user?  You can try this:

diagnose test authserver ldap Dc01 user password

Then you can validate if its acorrect credentials.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors