Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TZ1
New Contributor

Created on ‎08-01-2024 12:01 AM Edited on ‎08-01-2024 12:03 AM

Installed the new update (7.4.4) since then - no VPN possible - permission denied (- 455)

Hi, the subject explains everything.

 

This morning I installed the newest update. Since then noone can start a vpn-connection. Me neither - and I am sure, that my logon is correct. And the others can't be all wrong also.

 

Everything else works, and in the office I can logon as administrator - everything looks fine.

The LDAP-Server is running, and hasn't been changed at all, not even rebootet.

 

I rebootet the FortiGate again, just in case - didn't help.

 

We use FortiTokens, but it is not asking for the token - already a problem with the logon.

 

Any Ideas?

Labels:
476
0 Kudos
1 Solution
Anthony_E
Community Manager
Community Manager

Created on ‎08-01-2024 12:04 AM

Hello,

 

Could you please have a look at this discussion?:

 

https://community.fortinet.com/t5/Support-Forum/SSL-VPN-Failure-Permission-Denied-455-after-update-t...

 

Regards,

Anthony-Fortinet Community Team.

View solution in original post

467
4 REPLIES 4
Anthony_E
Community Manager
Community Manager

Created on ‎08-01-2024 12:04 AM

Hello,

 

Could you please have a look at this discussion?:

 

https://community.fortinet.com/t5/Support-Forum/SSL-VPN-Failure-Permission-Denied-455-after-update-t...

 

Regards,

Anthony-Fortinet Community Team.
468
rbraha
Staff
Staff

Created on ‎08-01-2024 12:08 AM

Hi @TZ1 

Are you using LDAPs port 636 on your FGT or plain ldap port 389?

If yes maybe this KB will help.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-LDAPS-connections-no-longer-work-after-upd...

 

If not try to run the below debug commands on FGT CLI:

 

diag debug cons time enable

diag debug application fnbamd -1

diag debug application sslvpn -1

diag debug enable

460
TZ1
New Contributor
In response to rbraha

Created on ‎08-01-2024 12:56 AM

Hi, It is 636.

 

In Name - Servername - IP/Name - IP-address.

Looks good so far, but if I activate Server Identity Check it looses contact to the server.

 

Fortinet.png

444
0 Kudos
rbraha
Staff
Staff
In response to TZ1

Created on ‎08-01-2024 03:22 AM

The server identity check option is used when enable/disable  against its certificate and subject alternative name(s).

418
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.