Not applicable

SSL VPN - Error: Permission Denied

I have walked through the "SSL VPN User Guide" and configured my FortiGate 100A as documented. I am able to access the Web Portal via IE, but when attempting to log in I get the following error message: Error: Permission Denied. I have checked my logs and I can see the login failures with a reason of "Unavail_Info". I have configured the device to use LDAP authentication (Windows 2003 Server Active Directory Domain Controller); however, I have also set up a local test user with a password to rule out any communication issues between the FortiGate and my AD Domain Controller. Does anyone have any suggestions?
rwpatterson
Valued Contributor III

Welcome to the forums. Have you enabled the user? Sounds silly, but I forget this one occasionally as well. Also, is the user in a user group in a policy? What firmware version are you running?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Carl_Wallmark
Valued Contributor

Also, are you on the "outside" of the FG?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

Not applicable

I am on the outside of the network attempting to log in from the "internet". I am running 3.00-b0730(MR7 Patch 1). What do you mean by "Have you enabled the user?" I have created the account and joined it to a User Group. The User Group is listed on my WAN - Internal (SSL-VPN) firewall policy. Is there something else that I have to do to "enable" the user?
rwpatterson
Valued Contributor III

If you are using a local user, you must enable them. The user group could be there, but if the local user is disabled for access, you will not get in. Disregard if you are using LDAP or FSAE.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com


Hello, I have the same problem with an FG 100A, but how can I enable local users? The firmware version is 3.00-b0662(MR6 Patch 1). I have tried all possible ways of configuration, following all the SSL guides and the hints of this forum's members, but the problem stays. Please, what should I do? Regards, Issam
Seppel
Contributor II

Hi. Please activate the enable web application option and also one or more options from this. Regards

Fortigate 500E HA Fortimail 200 Fortimanager

FortiEMS

FortiSandbox 1000D

FortiSwitch Network Some other Models in use :-) ---------------------------------------------------- FCSE ----------------------------------------------------

Not applicable

Thank you all for your suggestions. I was able to resolve this issue today. I had to move the "SSL VPN Authentication Policy" (WAN1 > Internal1, Action SSL-VPN) to the top of the list. Once I did that I was able to authenticate.
support12
New Contributor III

Do this. Delete the policy. Create again and move on top. It works for me.
Not applicable

Thank you, now I can log in but still cannot access the internet through SSL.