Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Rino_B
New Contributor III

Created on ā€Ž06-02-2025 12:48 AM Edited on ā€Ž07-09-2025 07:38 AM

SSL-VPN Web Portal breaks after 7.4.8 upgrade on 2GB models

Hi there,

 

On entry-level FortiGate models, the SSL-VPN web portal breaks after the update to FortiOS 7.4.8.

Screenshot 2025-06-02 093610.png

 

Update 2

diagnose debug console timestamp enable
diagnose debug application sslvpn -1
diagnose debug application fnbamd -1
diagnose debug enable

 

2025-06-05 11:17:43 [17810:root:4]fsv_check_path_passed:997 No access: check path failed /migadmin/rmt_index.html, /data/migadmin, /migadmin
2025-06-05 11:17:43 [17810:root:4]sslvpn_zip_handler:136 sslvpn check path failed.
2025-06-05 11:17:43 [17810:root:4]fsv_check_path_passed:997 No access: check path failed /migadmin/sslvpn/css/ssl_style.css, /data/migadmin/sslvpn/css, /migadmin/sslvpn/css
2025-06-05 11:17:43 [17810:root:4]sslvpn_zip_handler:136 sslvpn check path failed.

 

Update 3

The issue has been identified as BUG ID 1164811: https://docs.fortinet.com/document/fortigate/7.4.8/fortios-release-notes/236526/known-issues

Rino_B - FCS
Rino_B - FCS
Labels:
14751
36 REPLIES 36
AEK
SuperUser
SuperUser

Created on ā€Ž06-02-2025 05:30 AM

Hi Rino

What was your previous version on which it worked?

AEK
AEK
4981
Rino_B
New Contributor III

Created on ā€Ž06-02-2025 05:34 AM

FortiOS 7.4.7

Rino_B - FCS
Rino_B - FCS
4975
0 Kudos
DennyS
New Contributor

Created on ā€Ž06-02-2025 08:38 AM

I can confirm the same behavior on a 60F.
Downgrading to 7.4.7 is a workaround

 

4932
0 Kudos
Lennart
New Contributor II
In response to DennyS

Created on ā€Ž06-05-2025 01:51 AM

Downgrading to 7.4.7 for me makes webvpn work. But now i'm unable to manage the device, because my admin credentials have stopped working. 

4364
0 Kudos
Rino_B
New Contributor III
In response to Lennart

Created on ā€Ž06-05-2025 01:55 AM

Did you run the command below?

 

To enhance the security of system administrator passwords, FortiGate now uses PBKDF2 as the hashing scheme with randomized salts to hash and store the password.

To maintain downgrade support, a new command is introduced:

config system password-policy
    set login-lockout-upon-downgrade {enable | disable}
end

https://docs.fortinet.com/document/fortigate/7.4.8/fortios-release-notes/743723/new-features-or-enha...

Rino_B - FCS
Rino_B - FCS
4357
Lennart
New Contributor II
In response to Rino_B

Created on ā€Ž06-05-2025 02:01 AM

No I haven't. And didn't read all of the release notes. So this is something other users should be aware off. 

4353
Lennart
New Contributor II
In response to Lennart

Created on ā€Ž06-05-2025 02:16 AM

Ok i thought default behaviour would result in problems with downgrade support, however according to this article this shouldn't be the case. And i still have the 

old-password in my config file. So it seems this is just another bug?

 

Unable to login with local administrator ... - Fortinet Community

 

Expected lockout behavior:

Beginning in FortiOS v7.2.11, v7.6.1, and upcoming in v7.4.8, the security of stored system administrator passwords has been enhanced in Issue ID# 752946. By default for backward compatibility, the old version of the password is also retained. 

 

4345
0 Kudos
Lennart
New Contributor II
In response to Lennart

Created on ā€Ž06-05-2025 02:45 AM

The password hash value out of an old config file on 7.2.5 and the value of old-password in the 7.4.8 config backup also don't match. And my guess is these should have matched.

Note: i'm 100% sure the password itself has not changed during this time. And i'm not sharing it for testing in lab environment ;) .

4315
0 Kudos
BillH_FTNT
Staff
Staff

Created on ā€Ž06-02-2025 10:15 AM

Hi Rino_B 

What is your hardware ? Could you share your configuration to my official email bhoang@fortinet.com; I want to reproduce the issue in my lab. Thank you

Regards

Bill

4909
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.