Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
I_Hoffmann
New Contributor

ssl vpn portal bookmarks not working

Hi, we have a ssl portal site configured in our fortigate 200B. Users can connect to the portal site and login without any problem. On the portal we have some bookmarks, just some internal http-sites for our staff. But those bookmarks do not work. If somebody clicks on the bookmarks a new window is opened but it' s empty. On the fortigate a warning (ID 39937) is logged. Message states " SSL web application blocked" . Why is the fortigate blocking the portal bookmarks? There is no UTM configured on the ssl_vpn_address rulesets. Can anybody give me a clue where to allow the portal bookmarks? thanks in advance iho
3 REPLIES 3
rwpatterson
Valued Contributor III

When you configured the portal, did you allow HTTP in the config area (small pencil on the top right border)?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

I_Hoffmann
New Contributor

thanks for your reply rwpatterson but http is allowed in the config area. But i also created a ticket and support found the solution. We also use ssl in tunnel mode. So I created a rule which allows traffic from the internet to our servers and as action i choose ssl-vpn. So far so good. The wrong part was, that i configured only the ssl-vpn-tunnel ips as source address and so only clients connected via the ssl-tunnel were able to contact servers in our network. The portal was blocked, because the portal connects with the ip the client has in the remote network. So the solution is to use " all" as source address and everything is working like a charm :-) Perhaps someone makes the same mistake and finds this info useful. best regards ingo hoffmann
Naly

I also had some issue when trying to log in to a web server through SSL VPN Bookmark. In the Bookmark, I entered "fr.slcc.com:81" as the URL. Hence when I click the Bookmark, it will redirect to the "fr.slcc.com:81" website without the SSL VPN URL Prifix (https://vpn.stc.com/proxy/76ce8cbc/https/) Then I figured out this happens because the request ends with the the port number and because of that the browser redirect the traffic through normal internaet parth. Then I add login to the request to be like this "https://vpn.stc.com/proxy/76ce8cbc/https/fr.slcc.com:81/#/login". Now it's working fine.