Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tonym
New Contributor

Created on ‎08-03-2021 02:26 AM

N/A User in SSL VPN

Hello,

 

Just want to ask if someone encounter this already. I'm looking at FortiView VPN tab seeing User=n/a with 45mins ago last connection time and a duration of 22h 12m. Can someone explain why there is a n/a user?

 

SSL vpn was setup using only a local user created in the firewall. All user who successfully established a tunnel will be authenticated properly that's why their identity was recorded under "User". Why there is an N/A, is this a failed attempt to ssl vpn? See screenshot below for reference. Thank you in advance whoever give feedback about this

 

 

 

SSL NA user.JPG
Preview file
142 KB
6260
5 REPLIES 5
xSyKoTiKx
New Contributor

Created on ‎02-24-2022 04:25 AM

I came to find the answer to that same question, but it seems you and I are the only ones asking it.

5516
0 Kudos
Debbie_FTNT
Staff
Staff
In response to xSyKoTiKx

Created on ‎02-25-2022 06:08 AM

Hey SyKoTiK,

are your logs the exact same (user N/A, tunneltype ssl instead of ssl-tunnel/ssl-web)?

When an SSLVPN connection is established, FortiClient may open multiple tunnels at the same time; sometimes one of them doesn't establish properly and you might end up with something like a zombie tunnel with no associated user, and no specific tunnel type.

There shouldn't be any traffic flowing through it.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
5501
0 Kudos
Sativa23
New Contributor
In response to Debbie_FTNT

Created on ‎05-10-2023 05:12 PM

I have the same.  Traffic is passing though ?

 

n/a usern/a user

4238
0 Kudos
srajeswaran
Staff
Staff
In response to Sativa23

Created on ‎05-10-2023 11:33 PM

Can you run "get vpn ssl monitor" and check if "in/out" counters to confirm if there is active traffic flow

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
4228
0 Kudos
rosatechnocrat
Contributor II

Created on ‎05-10-2023 11:16 PM Edited on ‎05-10-2023 11:17 PM

 

* Oftentimes the "N/A" user just means that either the log entry itself doesn't track userinfo, or that no username was provided.
* For example: site-to-site IPsec tunnels frequently don't use usernames for authentication, and therefore any logs for those would show the user field as "N/A".
*  "SSL VPN new connection", do not track the username on that specific log entry. 
* If you look at a bunch of those logs at the same timestamp you will, however, usually be able to see a log entry with the actual user who connected. You can correlate these logs with the "remoteip" field to see if the log is referring to the same remote host.
* Ultimately so long as you don't see many failed login attempts, especially coming from remote-IPs in unexpected countries, the risk is not very high.
* You can check the country of the remote IP from the FortiGate command line as follows: diagnose firewall ipgeo ip2country x.x.x.x <----- enter remote IP there
+ Same information you can check in FortiGate as well, by following below steps.
>Logs & Report > Events > System Events .

Rosa Technocrat --

Also on YouTube---

Please do Subscribe
Rosa Technocrat --Also on YouTube---Please do Subscribe
4229
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.