Hello, we use a ssl portal with a FortiToken provisioned by a FortiAuthenticator (as a Radius server in the FG). During the login form, just appear the request of the token, it disappear after few seconds and the user see an Error: Permission denied. The same system is used for login to administration mgmnt of the firewall and in this case working fine, the token request form it's show for some minutes.
The problem happen only in this device (FG 100D, 6.2 firmware).
I have checked some timeout settings but there are in default time..as for other units.
During the diagnose debug, when appear the form to put the token, the log will blocked in fam_auth_send_req:583 with server blacklist:.
After few second the fill disappear and in the log see: fam_auth_send_req_internal:461 fnbam_auth return: 4
and the user see "Error: Permission denied."
diagnose debug application sslvpn -1
diagnose debug enable
Hello,
I got the same issue with Microsoft MFA with SSLVPN Login. I had to change the "remoteauthtimeout" value
config system global
set remoteauthtimeout 30
end
30 seconds is the value recommended by Microsoft, but for FortiToken, may 10 to 15 seconds should be enough.
Regards,
Philippe
Hello Philippe, very good!
Now work. I have configured 20 sec in test and could be fine also in production.
Have a nice day.
Thx,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1753 | |
1115 | |
766 | |
447 | |
241 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.