Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
okaenegen
New Contributor

FortiManager GUI login Issue

Has anyone ever experienced and issue FortiManager immediately logging out Admins 10-30 seconds after logging into the GUI?

For the passed year FMgr has been working fine, we typically authenticate via SSO with Okta as the IdP. For the passed year no issues, we've made the internal decision to move all SSO authentication to Azure where possible to slowly phase out Okta.

I was able to successfully switch to Azure as the SSO IdP and things worked great with no issues. About a week later one of my counterparts reported issues of him not being able to stay logged into FMgr.

I troubleshot and confirmed what he was reporting. I tried from multiple machines, browsers (private & incognito), cleared cache....still the same results. After looking at logs on the Azure side, it seemed that it was receiving a "logoff" request, which essentially logged the user out.

To troubleshoot further I removed all SSO settings on the FMgr side leaving only the local Super Admin account and the issue persisted even with the local account.

I do have a ticket open with TAC and was able to demonstrate the issue via screen share, after about 2hrs of diags and DB clean-ups, nothing seems to help.

Their level 3's are asking for event logs but as you guessed, I can't stay logged in long enough to download them

We're hosting both FortiManager and FortiAnalyzer appliances in the Azure and both are having the same issue. I am trying to do everything possible to not have to rebuild both VMs as that would be a pain with all the Gates we have deployed already

I created a video illustrating the issue (please excuse the Camtasia, watermark...LOL)

The issue is with the GUI only, I can SSH into both appliances and stay logged in until the configured timeout.

The community has always been helpful so as always, any help or comments are very much appreciated.

https://nox.tips/ https://xender.vip/
2 REPLIES 2
Anthony_E
Community Manager
Community Manager

Hello,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello,

 

I found this answer from a reddit user which can be useful:

 

'To give a bit more context, every few seconds your browser will be sending a request to the FAZ/FMG

 

/cgi-bin/module/HeartBeat

 

if this is load balanced in some way, and appears from a new source IP - it will trigger a logout of the system. I haven't been able to figure a way out of this system - so had to pin the FAZ/FMG traffic into my azure hosted systems to a single IP address, as the load balancing I was using was trying to maximise bandwidth across both links.'

 

Regards,

Anthony-Fortinet Community Team.
Labels
Top Kudoed Authors