After SSL-VPN Webmode authentication, https bookmark login fails.

Harunobu-Takahashi · ‎01-20-2024

After SSL-VPN Webmode authentication, https bookmark login fails.
After a failure, the login screen will be displayed again.
I can log in correctly on the http bookmark login site.
I will add debugging, so if you have knowledge please help.

Equipment used: FG60E
Version: 7.0.10

FortiGate-60E #
FortiGate-60E # diag debug enable

FortiGate-60E # [210:root:d1]req: /remote/logincheck <----------------SSL-VPN Login
[210:root:d1]rmt_web_auth_info_parser_common:492 no session id in auth info
[210:root:d1]rmt_web_access_check:760 access failed, uri=[/remote/logincheck],ret=4103,
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]rmt_logincheck_cb_handler:1283 user 'user01' has a matched local entry.
[210:root:d1]sslvpn_auth_check_usrgroup:2967 forming user/group list from policy.
[210:root:d1]sslvpn_auth_check_usrgroup:3013 got user (0) group (1:0).
[210:root:d1]sslvpn_validate_user_group_list:1851 validating with SSL VPN authentication rules (1), realm ().
[210:root:d1]sslvpn_validate_user_group_list:1971 checking rule 1 cipher.
[210:root:d1]sslvpn_validate_user_group_list:1979 checking rule 1 realm.
[210:root:d1]sslvpn_validate_user_group_list:1990 checking rule 1 source intf.
[210:root:d1]sslvpn_validate_user_group_list:2029 checking rule 1 vd source intf.
[210:root:d1]sslvpn_validate_user_group_list:2571 rule 1 done, got user (0:0) group (1:0) peer group (0).
[210:root:d1]sslvpn_validate_user_group_list:2865 got user (0:0), group (1:0) peer group (0).
[210:root:d1]sslvpn_update_user_group_list:1793 got user (0:0), group (1:0), peer group (0) after update.
[210:root:d1]two factor check for user01: off
[210:root:d1]sslvpn_authenticate_user:183 authenticate user: [user01]
[210:root:d1]sslvpn_authenticate_user:197 create fam state
[210:root:d1][fam_auth_send_req_internal:426] Groups sent to FNBAM:
[210:root:d1]group_desc[0].grpname = IaaS-User
[210:root:d1][fam_auth_send_req_internal:438] FNBAM opt = 0X200400
[210:root:d1]fam_auth_send_req_internal:514 fnbam_auth return: 0
[210:root:d1][fam_auth_send_req_internal:539] Authenticated groups (1) by FNBAM with auth_type (1):
[210:root:d1]Received: auth_rsp_data.grp_list[0] = 2
[210:root:d1]fam_auth_send_req_internal:563 found node IaaS-User:0:, valid:1, auth:0
[210:root:d1]Validated: auth_rsp_data.grp_list[0] = IaaS-User
[210:root:d1][fam_auth_send_req_internal:652] The user user01 is authenticated.
[210:root:d1]fam_do_cb:665 fnbamd return auth success.
[210:root:d1]SSL VPN login matched rule (1).
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]rmt_web_session_create:1209 create web session, idx[0]
[210:root:d1]req: /remote/hostcheck_install?auth_type=1&us
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /sslvpn/portal.html
[210:root:d1]mza: 0x18c32a8 /sslvpn/portal.html
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][212:root:ce]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[212:root:ce]req: /d9116ac2a726d5e0d9386cf7a6da16c2/styles
mza: 0x18c3258 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/js/aes.js
[211:root:d0][212:root:ce]mza: 0x18c3268 /d9116ac2a726d5e0d9386cf7a6da16c2/styles.css
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3258 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/js/common.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[210:root:d2]allocSSLConn:307 sconn 0x54939500 (0:root)
[212:root:d0]mza: 0x18c3258 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/js/sslvpn_util.js
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d2]SSL state:before SSL initialization (10.0.0.12)
[210:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d0][210:root:d2]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[210:root:d2][211:root:d0]client cert requirement: no
mza: 0x18c3260 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/css/main.css
[210:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[210:root:d1][212:root:d1]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/css/le
[212:root:d1]mza: 0x18c3228 /d9116ac2a726d5e0d9386cf7a6da16c2/css/legacy-main.css
[210:root:d1]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.bundle.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d2]no SNI received
[210:root:d2]client cert requirement: no
[210:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write finished (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[210:root:d2]SSL state:fatal certificate unknown (10.0.0.12)
[210:root:d2]SSL state:error:(null)(10.0.0.12)
[210:root:d2]SSL_accept failed, 1:sslv3 alert certificate unknown
[210:root:d2]Destroy sconn 0x54939500, connSize=1. (root)
[210:root:d1]req: /api/v2/static/fweb_build.json
[210:root:d1]mza: 0x18c32c0 /api/v2/static/fweb_build.json
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /remote/portal?access=admin
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]req: /remote/portal
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /d9116ac2a726d5e0d9386cf7a6da16c2/lang/x
[212:root:d0]mza: 0x18c3278 /d9116ac2a726d5e0d9386cf7a6da16c2/lang/x-sjis.json
req: /d9116ac2a726d5e0d9386cf7a6da16c2/js/leg
[210:root:d1]mza: 0x18c3330 /d9116ac2a726d5e0d9386cf7a6da16c2/js/legacy_theme_setup.js
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-1.js
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-2.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[212:root:d0]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-4.js
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-3.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /remote/portal/bookmarks
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/
req: /d9116ac2a726d5e0d9386cf7a6da16c2/lato-b
[212:root:d0]def: 0x18c3240 /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/fa-icons.woff
[212:root:d1]req: /d9116ac2a726d5e0d9386cf7a6da16c2/lato-r
def: 0x18c3368 /d9116ac2a726d5e0d9386cf7a6da16c2/lato-bold.woff2
[212:root:d1]def: 0x18c3320 /d9116ac2a726d5e0d9386cf7a6da16c2/lato-regular.woff2
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/
[212:root:d0]def: 0x18c3240 /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/ftnt-icons.woff

FortiGate-60E #
FortiGate-60E #
FortiGate-60E #
FortiGate-60E # [212:root:d0]req: /remote/web_service?bmgroup=gui-bookmark <------------https site bookmark click
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:0]make_proxy_url:79 proxy url :/proxy/4f6d056c/https/Z67cc6fdf618032cb5b81ef933da7b7ba/index.html
[212:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]sslvpn_policy_match:2626 checking web session
[212:root:d0]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d0]policy_match_check:125 checking policy 2 for incoming policy (iif: 5)
[212:root:d0]policy_match_check:128 checking schedule
[212:root:d0]policy_match_check:135 checking authgrp
[212:root:d0]policy_match_check:144 checking services
[212:root:d0]check_policy_svr:742 service check ok
[212:root:d0]policy_match_check:153 checking ssl mode
[212:root:d0]policy_match_check:158 checking oif admin access
[212:root:d0]policy_match_check:166 checking oif
[212:root:d0]check_pol_oif:850 checking oif to 192.168.1.220
[212:root:d0]check_pol_oif:857 checking internal(0x5fe5198)
[212:root:d0]policy_match_check:177 checking address
[212:root:d0]policy_match_check:203 policy id: 2, policy position: 1, policy action: accept, address matched: 1
[212:root:d0]policy_match_check:220 selected policy id: 2, policy position: 1, policy action: accept
[212:root:d0]policy_match_check:233 return 0
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]3 0x54939500,ssl=0x55201000,(nil),connect to 192.168.1.220:443.
[212:root:d0]0x54939500 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d0]0x54939500 doSSLConnect() cookie out:
[212:root:d0]0x54939500 fsv_output_req_headers() send header:
GET /index.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d1]req: /remote/sslvpn_support.js
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][211:root:d0]req: /sslvpn/js/sslvpn_util.js
[212:root:d1][211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
mza: 0x18c3258 /sslvpn/js/sslvpn_util.js
req: /sslvpn/js/aes.js
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3258 /sslvpn/js/aes.js
[212:root:ce]req: /sslvpn/js/sslvpn.js
[210:root:d1][212:root:ce]mza: 0x18c3258 /sslvpn/js/sslvpn.js
[211:root:d2]allocSSLConn:307 sconn 0x54939a00 (0:root)
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d2]no SNI received
[211:root:d2]client cert requirement: no
[211:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d1]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d2][212:root:d1]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0][212:root:d1]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d1]sslvpn_policy_match:2626 checking web session
[212:root:d1]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d1]sslvpn_policy_match:2651 policy check cache found [accept]
req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]sslvpn_policy_match:2626 checking web session
[211:root:d0]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d1][211:root:d0]3 0x54939a00,ssl=0x54947000,(nil),connect to 192.168.1.220:443.
sslvpn_policy_match:2651 policy check cache found [accept]
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]2 0x55344b00,ssl=0x55201000,(nil),connect to 192.168.1.220:443.
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][211:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
sslvpn_policy_match:2626 checking web session
[211:root:d2]no SNI received
[211:root:d2][212:root:ce]client cert requirement: no
req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[211:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d1][212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:ce][210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
sslvpn_policy_match:2651 policy check cache found [accept]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]sslvpn_policy_match:2626 checking web session
[212:root:ce]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:ce]sslvpn_policy_match:2651 policy check cache found [accept]
1 0x55344b00,ssl=0x54a2b000,(nil),connect to 192.168.1.220:443.
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]3 0x54939000,ssl=0x55203000,(nil),connect to 192.168.1.220:443.
[212:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]0x54939500 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d0]0x54939500 doSSLConnect() cookie out:
[212:root:d0]0x54939500 fsv_output_req_headers() send header:
GET /javascript/angular-1.7.9/angular-route.min.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d1]0x54939a00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d1]0x54939a00 doSSLConnect() cookie out:
[212:root:d1]0x54939a00 fsv_output_req_headers() send header:
GET /css/icon_styles_ciscologo.css HTTP/1.1
Host: 192.168.1.220
Accept: text/css,*/*;q=0.1
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[210:root:d1]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[210:root:d1]0x55344b00 doSSLConnect() cookie out:
[210:root:d1]0x55344b00 fsv_output_req_headers() send header:
GET /javascript/jquery.min.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]0x54939500 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d0]0x54939500 doSSLConnect() cookie out:
[212:root:d0]0x54939500 fsv_output_req_headers() send header:
GET /javascript/controllers/rfdashboard.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[211:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[211:root:d2]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[211:root:d2][212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
SSL state:SSLv3/TLS write finished (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /javascript/angular-1.7.9/angular.min.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d2]allocSSLConn:307 sconn 0x55344b00 (0:root)
[211:root:d2]SSL state:fatal certificate unknown (10.0.0.12)
[212:root:d2]SSL state:before SSL initialization (10.0.0.12)
[212:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d2][212:root:d2]no SNI received
[212:root:d2]client cert requirement: no
SSL state:error:(null)(10.0.0.12)
SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d2][212:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[211:root:d2][212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Destroy sconn 0x54939a00, connSize=1. (root)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]no SNI received
[212:root:d2]client cert requirement: no
[212:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d0]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[211:root:d0]0x55344b00 doSSLConnect() cookie out:
[211:root:d0]0x55344b00 fsv_output_req_headers() send header:
GET /css/login.css HTTP/1.1
Host: 192.168.1.220
Accept: text/css,*/*;q=0.1
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[211:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[211:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[211:root:d0]0x55344b00 doSSLConnect() cookie out:
[211:root:d0]0x55344b00 fsv_output_req_headers() send header:
GET /javascript/translate.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[211:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write finished (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS read finished (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d2]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /css/fonts/ciscologo/ciscologo.woff?fpxgk6 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Origin: https://192.168.1.220
Referer: https://192.168.1.220/css/icon_styles_ciscologo.css
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /nls/ApplicationProperties-ja.json HTTP/1.1
Host: 192.168.1.220
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Requested-With: XMLHttpRequest
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]req: /favicon.ico
[212:root:ce]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /favicon.ico HTTP/1.1
Host: 192.168.1.220
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:ce]Destroy sconn 0x54939000, connSize=3. (root)
[212:root:ce]SSL state:warning close notify (10.0.0.12)

FortiGate-60E #
FortiGate-60E #
FortiGate-60E #
FortiGate-60E # [210:root:d1]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5 <---------Click the login button on the https site
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[210:root:d1]0x55344b00 doSSLConnect() cookie out:
[210:root:d1]0x55344b00 fsv_output_req_headers() send header:
GET /screens/preframeset.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[210:root:d1]Destroy sconn 0x55344b00, connSize=0. (root)
[210:root:d1]SSL state:warning close notify (10.0.0.12)

FortiGate-60E #
FortiGate-60E #
FortiGate-60E # <------------Enter https site ID/PASS
FortiGate-60E # [212:root:d1]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d1]0x54939a00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d1]0x54939a00 doSSLConnect() cookie out:
[212:root:d1]0x54939a00 fsv_output_req_headers() send header:
GET /screens/preframeset.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Authorization: Basic YWRtaW46VG1jLWlkY3MyMDE3
Cache-Control: max-age=0
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d0]epollAddPending:538
read : needed: 0 ((nil)) evRead 0x0 ev 0x1 (0)
write: needed: 0 ((nil)) evWrite 0x0 ev 0x1 (0)
[211:root:d0][212:root:d0]epollAddPending:538
read : needed: 0 ((nil)) evRead 0x0 ev 0x1 (0)
write: needed: 0 ((nil)) evWrite 0x0 ev 0x1 (0)
epollFdHandler:653 s: 0x54939500 event: 0x1
[211:root:d0][212:root:d0]epollFdHandler:653 s: 0x55344b00 event: 0x1
Destroy sconn 0x54939500, connSize=2. (root)
[211:root:d0]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d0][211:root:d0]SSL state:warning close notify (10.0.0.12)
SSL state:warning close notify (10.0.0.12)
[212:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d1]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:d1]Destroy sconn 0x54939a00, connSize=1. (root)
[212:root:d1]SSL state:warning close notify (10.0.0.12)
[212:root:d2]Timeout for connection 0x55344b00.

[212:root:d2]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d2]SSL state:warning close notify (10.0.0.12)

FortiGate-60E # <------------The https site ID/Pass input screen is displayed again.
FortiGate-60E #
FortiGate-60E #
FortiGate-60E # [210:root:d3]allocSSLConn:307 sconn 0x55344b00 (0:root)
[211:root:d3][210:root:d3]allocSSLConn:307 sconn 0x55344b00 (0:root)
SSL state:before SSL initialization (10.0.0.12)
[210:root:d3]SSL state:before SSL initialization (10.0.0.12)
SSL state:before SSL initialization (10.0.0.12)
[211:root:d3][210:root:d3]SSL state:before SSL initialization (10.0.0.12)
no SNI received
[210:root:d3]client cert requirement: no
[210:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[211:root:d3]no SNI received
[211:root:d3]client cert requirement: no
[211:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[211:root:d3][210:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d3]no SNI received
[210:root:d3]client cert requirement: no
[210:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]no SNI received
[211:root:d3]client cert requirement: no
[211:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write finished (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[210:root:d3]SSL state:fatal certificate unknown (10.0.0.12)
[211:root:d3][210:root:d3]SSL state:error:(null)(10.0.0.12)
[210:root:d3]SSL_accept failed, 1:sslv3 alert certificate unknown
[210:root:d3]Destroy sconn 0x55344b00, connSize=0. (root)
SSL state:SSLv3/TLS write certificate (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[211:root:d3]SSL state:SSLv3/TLS write finished (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[211:root:d3]SSL state:fatal certificate unknown (10.0.0.12)
[211:root:d3]SSL state:error:(null)(10.0.0.12)
[211:root:d3]SSL_accept failed, 1:sslv3 alert certificate unknown
[211:root:d3]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d3]allocSSLConn:307 sconn 0x55344b00 (0:root)
[212:root:d3]SSL state:before SSL initialization (10.0.0.12)
[212:root:d3]SSL state:before SSL initialization (10.0.0.12)
[212:root:d3]no SNI received
[212:root:d3]client cert requirement: no
[212:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]no SNI received
[212:root:d3]client cert requirement: no
[212:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write finished (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS read finished (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d3]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[212:root:d3]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d3]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d3]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d3]sslvpn_policy_match:2626 checking web session
[212:root:d3]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d3]sslvpn_policy_match:2651 policy check cache found [accept]
[212:root:d3]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d3]1 0x55344b00,ssl=0x548cd000,(nil),connect to 192.168.1.220:443.
[212:root:d3]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d3]0x55344b00 doSSLConnect() cookie out:
[212:root:d3]0x55344b00 fsv_output_req_headers() send header:
GET /screens/preframeset.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Authorization: Basic YWRtaW46VG1jLWlkY3MyMDE3
Cache-Control: max-age=0
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d3]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d3]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:d3]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d3]SSL state:warning close notify (10.0.0.12)

FortiGate-60E #
FortiGate-60E #
FortiGate-60E # diag debug enabledisable

FortiGate-60E # exit

Harunobu-Takahashi · ‎02-12-2024

Sorry for the late reply.

I would like to inform you that I was able to achieve my goal by switching to a network authentication method using a captive portal without using an SSL-VPN portal.

thank you.

View solution in original post

Harunobu-Takahashi · ‎02-12-2024

Sorry for the late reply.

I would like to inform you that I was able to achieve my goal by switching to a network authentication method using a captive portal without using an SSL-VPN portal.

thank you.

After SSL-VPN Webmode authentication, https bookmark login fails.

Nominate a Forum Post for Knowledge Article Creation