Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Harunobu-Takahashi
New Contributor II

After SSL-VPN Webmode authentication, https bookmark login fails.

After SSL-VPN Webmode authentication, https bookmark login fails.
After a failure, the login screen will be displayed again.
I can log in correctly on the http bookmark login site.
I will add debugging, so if you have knowledge please help.

Equipment used: FG60E
Version: 7.0.10

 


FortiGate-60E #
FortiGate-60E # diag debug enable

FortiGate-60E # [210:root:d1]req: /remote/logincheck <----------------SSL-VPN Login
[210:root:d1]rmt_web_auth_info_parser_common:492 no session id in auth info
[210:root:d1]rmt_web_access_check:760 access failed, uri=[/remote/logincheck],ret=4103,
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]rmt_logincheck_cb_handler:1283 user 'user01' has a matched local entry.
[210:root:d1]sslvpn_auth_check_usrgroup:2967 forming user/group list from policy.
[210:root:d1]sslvpn_auth_check_usrgroup:3013 got user (0) group (1:0).
[210:root:d1]sslvpn_validate_user_group_list:1851 validating with SSL VPN authentication rules (1), realm ().
[210:root:d1]sslvpn_validate_user_group_list:1971 checking rule 1 cipher.
[210:root:d1]sslvpn_validate_user_group_list:1979 checking rule 1 realm.
[210:root:d1]sslvpn_validate_user_group_list:1990 checking rule 1 source intf.
[210:root:d1]sslvpn_validate_user_group_list:2029 checking rule 1 vd source intf.
[210:root:d1]sslvpn_validate_user_group_list:2571 rule 1 done, got user (0:0) group (1:0) peer group (0).
[210:root:d1]sslvpn_validate_user_group_list:2865 got user (0:0), group (1:0) peer group (0).
[210:root:d1]sslvpn_update_user_group_list:1793 got user (0:0), group (1:0), peer group (0) after update.
[210:root:d1]two factor check for user01: off
[210:root:d1]sslvpn_authenticate_user:183 authenticate user: [user01]
[210:root:d1]sslvpn_authenticate_user:197 create fam state
[210:root:d1][fam_auth_send_req_internal:426] Groups sent to FNBAM:
[210:root:d1]group_desc[0].grpname = IaaS-User
[210:root:d1][fam_auth_send_req_internal:438] FNBAM opt = 0X200400
[210:root:d1]fam_auth_send_req_internal:514 fnbam_auth return: 0
[210:root:d1][fam_auth_send_req_internal:539] Authenticated groups (1) by FNBAM with auth_type (1):
[210:root:d1]Received: auth_rsp_data.grp_list[0] = 2
[210:root:d1]fam_auth_send_req_internal:563 found node IaaS-User:0:, valid:1, auth:0
[210:root:d1]Validated: auth_rsp_data.grp_list[0] = IaaS-User
[210:root:d1][fam_auth_send_req_internal:652] The user user01 is authenticated.
[210:root:d1]fam_do_cb:665 fnbamd return auth success.
[210:root:d1]SSL VPN login matched rule (1).
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]rmt_web_session_create:1209 create web session, idx[0]
[210:root:d1]req: /remote/hostcheck_install?auth_type=1&us
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /sslvpn/portal.html
[210:root:d1]mza: 0x18c32a8 /sslvpn/portal.html
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][212:root:ce]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[212:root:ce]req: /d9116ac2a726d5e0d9386cf7a6da16c2/styles
mza: 0x18c3258 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/js/aes.js
[211:root:d0][212:root:ce]mza: 0x18c3268 /d9116ac2a726d5e0d9386cf7a6da16c2/styles.css
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3258 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/js/common.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[210:root:d2]allocSSLConn:307 sconn 0x54939500 (0:root)
[212:root:d0]mza: 0x18c3258 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/js/sslvpn_util.js
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d2]SSL state:before SSL initialization (10.0.0.12)
[210:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d0][210:root:d2]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[210:root:d2][211:root:d0]client cert requirement: no
mza: 0x18c3260 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/css/main.css
[210:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[210:root:d1][212:root:d1]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/css/le
[212:root:d1]mza: 0x18c3228 /d9116ac2a726d5e0d9386cf7a6da16c2/css/legacy-main.css
[210:root:d1]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.bundle.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d2]no SNI received
[210:root:d2]client cert requirement: no
[210:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write finished (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[210:root:d2]SSL state:fatal certificate unknown (10.0.0.12)
[210:root:d2]SSL state:error:(null)(10.0.0.12)
[210:root:d2]SSL_accept failed, 1:sslv3 alert certificate unknown
[210:root:d2]Destroy sconn 0x54939500, connSize=1. (root)
[210:root:d1]req: /api/v2/static/fweb_build.json
[210:root:d1]mza: 0x18c32c0 /api/v2/static/fweb_build.json
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /remote/portal?access=admin
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]req: /remote/portal
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /d9116ac2a726d5e0d9386cf7a6da16c2/lang/x
[212:root:d0]mza: 0x18c3278 /d9116ac2a726d5e0d9386cf7a6da16c2/lang/x-sjis.json
req: /d9116ac2a726d5e0d9386cf7a6da16c2/js/leg
[210:root:d1]mza: 0x18c3330 /d9116ac2a726d5e0d9386cf7a6da16c2/js/legacy_theme_setup.js
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-1.js
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-2.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[212:root:d0]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-4.js
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-3.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /remote/portal/bookmarks
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/
req: /d9116ac2a726d5e0d9386cf7a6da16c2/lato-b
[212:root:d0]def: 0x18c3240 /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/fa-icons.woff
[212:root:d1]req: /d9116ac2a726d5e0d9386cf7a6da16c2/lato-r
def: 0x18c3368 /d9116ac2a726d5e0d9386cf7a6da16c2/lato-bold.woff2
[212:root:d1]def: 0x18c3320 /d9116ac2a726d5e0d9386cf7a6da16c2/lato-regular.woff2
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/
[212:root:d0]def: 0x18c3240 /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/ftnt-icons.woff

FortiGate-60E #
FortiGate-60E #
FortiGate-60E #
FortiGate-60E # [212:root:d0]req: /remote/web_service?bmgroup=gui-bookmark <------------https site bookmark click
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:0]make_proxy_url:79 proxy url :/proxy/4f6d056c/https/Z67cc6fdf618032cb5b81ef933da7b7ba/index.html
[212:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]sslvpn_policy_match:2626 checking web session
[212:root:d0]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d0]policy_match_check:125 checking policy 2 for incoming policy (iif: 5)
[212:root:d0]policy_match_check:128 checking schedule
[212:root:d0]policy_match_check:135 checking authgrp
[212:root:d0]policy_match_check:144 checking services
[212:root:d0]check_policy_svr:742 service check ok
[212:root:d0]policy_match_check:153 checking ssl mode
[212:root:d0]policy_match_check:158 checking oif admin access
[212:root:d0]policy_match_check:166 checking oif
[212:root:d0]check_pol_oif:850 checking oif to 192.168.1.220
[212:root:d0]check_pol_oif:857 checking internal(0x5fe5198)
[212:root:d0]policy_match_check:177 checking address
[212:root:d0]policy_match_check:203 policy id: 2, policy position: 1, policy action: accept, address matched: 1
[212:root:d0]policy_match_check:220 selected policy id: 2, policy position: 1, policy action: accept
[212:root:d0]policy_match_check:233 return 0
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]3 0x54939500,ssl=0x55201000,(nil),connect to 192.168.1.220:443.
[212:root:d0]0x54939500 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d0]0x54939500 doSSLConnect() cookie out:
[212:root:d0]0x54939500 fsv_output_req_headers() send header:
GET /index.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d1]req: /remote/sslvpn_support.js
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][211:root:d0]req: /sslvpn/js/sslvpn_util.js
[212:root:d1][211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
mza: 0x18c3258 /sslvpn/js/sslvpn_util.js
req: /sslvpn/js/aes.js
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3258 /sslvpn/js/aes.js
[212:root:ce]req: /sslvpn/js/sslvpn.js
[210:root:d1][212:root:ce]mza: 0x18c3258 /sslvpn/js/sslvpn.js
[211:root:d2]allocSSLConn:307 sconn 0x54939a00 (0:root)
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d2]no SNI received
[211:root:d2]client cert requirement: no
[211:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d1]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d2][212:root:d1]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0][212:root:d1]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d1]sslvpn_policy_match:2626 checking web session
[212:root:d1]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d1]sslvpn_policy_match:2651 policy check cache found [accept]
req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]sslvpn_policy_match:2626 checking web session
[211:root:d0]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d1][211:root:d0]3 0x54939a00,ssl=0x54947000,(nil),connect to 192.168.1.220:443.
sslvpn_policy_match:2651 policy check cache found [accept]
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]2 0x55344b00,ssl=0x55201000,(nil),connect to 192.168.1.220:443.
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][211:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
sslvpn_policy_match:2626 checking web session
[211:root:d2]no SNI received
[211:root:d2][212:root:ce]client cert requirement: no
req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[211:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d1][212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:ce][210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
sslvpn_policy_match:2651 policy check cache found [accept]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]sslvpn_policy_match:2626 checking web session
[212:root:ce]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:ce]sslvpn_policy_match:2651 policy check cache found [accept]
1 0x55344b00,ssl=0x54a2b000,(nil),connect to 192.168.1.220:443.
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]3 0x54939000,ssl=0x55203000,(nil),connect to 192.168.1.220:443.
[212:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]0x54939500 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d0]0x54939500 doSSLConnect() cookie out:
[212:root:d0]0x54939500 fsv_output_req_headers() send header:
GET /javascript/angular-1.7.9/angular-route.min.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[212:root:d1]0x54939a00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d1]0x54939a00 doSSLConnect() cookie out:
[212:root:d1]0x54939a00 fsv_output_req_headers() send header:
GET /css/icon_styles_ciscologo.css HTTP/1.1
Host: 192.168.1.220
Accept: text/css,*/*;q=0.1
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[210:root:d1]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[210:root:d1]0x55344b00 doSSLConnect() cookie out:
[210:root:d1]0x55344b00 fsv_output_req_headers() send header:
GET /javascript/jquery.min.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]0x54939500 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d0]0x54939500 doSSLConnect() cookie out:
[212:root:d0]0x54939500 fsv_output_req_headers() send header:
GET /javascript/controllers/rfdashboard.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[211:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[211:root:d2]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[211:root:d2][212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
SSL state:SSLv3/TLS write finished (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /javascript/angular-1.7.9/angular.min.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[212:root:d2]allocSSLConn:307 sconn 0x55344b00 (0:root)
[211:root:d2]SSL state:fatal certificate unknown (10.0.0.12)
[212:root:d2]SSL state:before SSL initialization (10.0.0.12)
[212:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d2][212:root:d2]no SNI received
[212:root:d2]client cert requirement: no
SSL state:error:(null)(10.0.0.12)
SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d2][212:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[211:root:d2][212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Destroy sconn 0x54939a00, connSize=1. (root)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]no SNI received
[212:root:d2]client cert requirement: no
[212:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d0]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[211:root:d0]0x55344b00 doSSLConnect() cookie out:
[211:root:d0]0x55344b00 fsv_output_req_headers() send header:
GET /css/login.css HTTP/1.1
Host: 192.168.1.220
Accept: text/css,*/*;q=0.1
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[211:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[211:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[211:root:d0]0x55344b00 doSSLConnect() cookie out:
[211:root:d0]0x55344b00 fsv_output_req_headers() send header:
GET /javascript/translate.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[211:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write finished (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS read finished (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d2]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /css/fonts/ciscologo/ciscologo.woff?fpxgk6 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Origin: https://192.168.1.220
Referer: https://192.168.1.220/css/icon_styles_ciscologo.css
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /nls/ApplicationProperties-ja.json HTTP/1.1
Host: 192.168.1.220
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Requested-With: XMLHttpRequest
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]req: /favicon.ico
[212:root:ce]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /favicon.ico HTTP/1.1
Host: 192.168.1.220
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:ce]Destroy sconn 0x54939000, connSize=3. (root)
[212:root:ce]SSL state:warning close notify (10.0.0.12)

FortiGate-60E #
FortiGate-60E #
FortiGate-60E #
FortiGate-60E # [210:root:d1]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5 <---------Click the login button on the https site
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[210:root:d1]0x55344b00 doSSLConnect() cookie out:
[210:root:d1]0x55344b00 fsv_output_req_headers() send header:
GET /screens/preframeset.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[210:root:d1]Destroy sconn 0x55344b00, connSize=0. (root)
[210:root:d1]SSL state:warning close notify (10.0.0.12)

FortiGate-60E #
FortiGate-60E #
FortiGate-60E # <------------Enter https site ID/PASS
FortiGate-60E # [212:root:d1]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d1]0x54939a00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d1]0x54939a00 doSSLConnect() cookie out:
[212:root:d1]0x54939a00 fsv_output_req_headers() send header:
GET /screens/preframeset.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Authorization: Basic YWRtaW46VG1jLWlkY3MyMDE3
Cache-Control: max-age=0
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[212:root:d0]epollAddPending:538
read : needed: 0 ((nil)) evRead 0x0 ev 0x1 (0)
write: needed: 0 ((nil)) evWrite 0x0 ev 0x1 (0)
[211:root:d0][212:root:d0]epollAddPending:538
read : needed: 0 ((nil)) evRead 0x0 ev 0x1 (0)
write: needed: 0 ((nil)) evWrite 0x0 ev 0x1 (0)
epollFdHandler:653 s: 0x54939500 event: 0x1
[211:root:d0][212:root:d0]epollFdHandler:653 s: 0x55344b00 event: 0x1
Destroy sconn 0x54939500, connSize=2. (root)
[211:root:d0]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d0][211:root:d0]SSL state:warning close notify (10.0.0.12)
SSL state:warning close notify (10.0.0.12)
[212:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d1]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:d1]Destroy sconn 0x54939a00, connSize=1. (root)
[212:root:d1]SSL state:warning close notify (10.0.0.12)
[212:root:d2]Timeout for connection 0x55344b00.

[212:root:d2]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d2]SSL state:warning close notify (10.0.0.12)

FortiGate-60E # <------------The https site ID/Pass input screen is displayed again.
FortiGate-60E #
FortiGate-60E #
FortiGate-60E # [210:root:d3]allocSSLConn:307 sconn 0x55344b00 (0:root)
[211:root:d3][210:root:d3]allocSSLConn:307 sconn 0x55344b00 (0:root)
SSL state:before SSL initialization (10.0.0.12)
[210:root:d3]SSL state:before SSL initialization (10.0.0.12)
SSL state:before SSL initialization (10.0.0.12)
[211:root:d3][210:root:d3]SSL state:before SSL initialization (10.0.0.12)
no SNI received
[210:root:d3]client cert requirement: no
[210:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[211:root:d3]no SNI received
[211:root:d3]client cert requirement: no
[211:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[211:root:d3][210:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d3]no SNI received
[210:root:d3]client cert requirement: no
[210:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]no SNI received
[211:root:d3]client cert requirement: no
[211:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write finished (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[210:root:d3]SSL state:fatal certificate unknown (10.0.0.12)
[211:root:d3][210:root:d3]SSL state:error:(null)(10.0.0.12)
[210:root:d3]SSL_accept failed, 1:sslv3 alert certificate unknown
[210:root:d3]Destroy sconn 0x55344b00, connSize=0. (root)
SSL state:SSLv3/TLS write certificate (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[211:root:d3]SSL state:SSLv3/TLS write finished (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[211:root:d3]SSL state:fatal certificate unknown (10.0.0.12)
[211:root:d3]SSL state:error:(null)(10.0.0.12)
[211:root:d3]SSL_accept failed, 1:sslv3 alert certificate unknown
[211:root:d3]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d3]allocSSLConn:307 sconn 0x55344b00 (0:root)
[212:root:d3]SSL state:before SSL initialization (10.0.0.12)
[212:root:d3]SSL state:before SSL initialization (10.0.0.12)
[212:root:d3]no SNI received
[212:root:d3]client cert requirement: no
[212:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]no SNI received
[212:root:d3]client cert requirement: no
[212:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write finished (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS read finished (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d3]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[212:root:d3]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d3]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d3]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d3]sslvpn_policy_match:2626 checking web session
[212:root:d3]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d3]sslvpn_policy_match:2651 policy check cache found [accept]
[212:root:d3]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d3]1 0x55344b00,ssl=0x548cd000,(nil),connect to 192.168.1.220:443.
[212:root:d3]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d3]0x55344b00 doSSLConnect() cookie out:
[212:root:d3]0x55344b00 fsv_output_req_headers() send header:
GET /screens/preframeset.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Authorization: Basic YWRtaW46VG1jLWlkY3MyMDE3
Cache-Control: max-age=0
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

 

[212:root:d3]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d3]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:d3]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d3]SSL state:warning close notify (10.0.0.12)

FortiGate-60E #
FortiGate-60E #
FortiGate-60E # diag debug enabledisable

FortiGate-60E # exit

1 Solution
Harunobu-Takahashi
New Contributor II

Sorry for the late reply.

 

I would like to inform you that I was able to achieve my goal by switching to a network authentication method using a captive portal without using an SSL-VPN portal.

 

thank you.

View solution in original post

10 REPLIES 10
Anthony_E
Community Manager
Community Manager

Hello Harunobu,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
hbac
Staff
Staff

Hi @Harunobu-Takahashi,

 

Is your bookmark configured for internal or external website? Does it redirect to another URL for authentication? 

 

Regards, 

Harunobu-Takahashi

Hi, HBAC

Thank you for looking into it.
The website is located internally.
Authentication is performed on the website and is not redirected externally.

Although this is not the content of the Debug I presented, the purpose is to connect to the vCenter server using SSL-VPN.

dbu

Just to add more user authentication seems to pass , but I see these errors related to SSL Certificate : 

[210:root:d2]SSL state:fatal certificate unknown (10.0.0.12)
[210:root:d2]SSL state:error:(null)(10.0.0.12)
[210:root:d2]SSL_accept failed, 1:sslv3 alert certificate unknown

[212:root:d1]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:d1]Destroy sconn 0x54939a00, connSize=1. (root)
[212:root:d1]SSL state:warning close notify (10.0.0.12)


Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
hbac

@Harunobu-Takahashi,

 

I would suggest upgrading the firmware to 7.0.13 and if the issue persists, you can try to delete and recreate the bookmark. 

 

Regards, 

Harunobu-Takahashi

I tried updating the firmware to 7.0.13, but it did not resolve the issue. What part do you mean by deleting bookmarks?

hbac

@Harunobu-Takahashi,

 

I mean deleting and recreating the bookmark on the FortiGate under SSLVPN portal. 

 

Regards,

AEK
SuperUser
SuperUser

@Harunobu-Takahashi, try update to 7.0.13 as it will probably fix the issue.

In fact according to release notes we can see the below info that look close to your description:

 

7.0.11 fixes the following issue:

746230  SSL VPN web mode cannot display certain websites that are internal bookmarks.
825750 VMware vCenter bookmark in not working after logging in to SSL VPN web mode.
831069 A blank page displayed after logging in to the back-end server in SSL VPN web mode.

 

7.0.12 fixes the following issue:

781581  Customer internal website is not shown correctly in SSL VPN web mode.
868491 SSL VPN web mode connection to VMware vCenter 7 is not working.
873995 Problem with the internal website using SSL VPN web mode.

 

7.0.13 fixes the following issue:

871229  SSL VPN web mode does not load when connecting to customer's internal site.
875167 Webpage opened in SSL VPN web portal is not displayed correctly.
881220 Found bad login for SSL VPN web-based access when enabling URL obscuration.
897385 Internal website keeps asking for credential with SSL VPN web mode.
933985 FortiGate as SSL VPN client does not work on NP6 and NP6XLite devices.

 

AEK
AEK
Harunobu-Takahashi

I tried 7.0.13, but it didn't solve the problem.
I will try to see if the issue can be resolved on the vCenter side.
We believe that the problem is related to the certificate.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors