Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Rino_B
New Contributor III

Created on ‎06-02-2025 12:48 AM Edited on ‎07-09-2025 07:38 AM

SSL-VPN Web Portal breaks after 7.4.8 upgrade on 2GB models

Hi there,

 

On entry-level FortiGate models, the SSL-VPN web portal breaks after the update to FortiOS 7.4.8.

Screenshot 2025-06-02 093610.png

 

Update 2

diagnose debug console timestamp enable
diagnose debug application sslvpn -1
diagnose debug application fnbamd -1
diagnose debug enable

 

2025-06-05 11:17:43 [17810:root:4]fsv_check_path_passed:997 No access: check path failed /migadmin/rmt_index.html, /data/migadmin, /migadmin
2025-06-05 11:17:43 [17810:root:4]sslvpn_zip_handler:136 sslvpn check path failed.
2025-06-05 11:17:43 [17810:root:4]fsv_check_path_passed:997 No access: check path failed /migadmin/sslvpn/css/ssl_style.css, /data/migadmin/sslvpn/css, /migadmin/sslvpn/css
2025-06-05 11:17:43 [17810:root:4]sslvpn_zip_handler:136 sslvpn check path failed.

 

Update 3

The issue has been identified as BUG ID 1164811: https://docs.fortinet.com/document/fortigate/7.4.8/fortios-release-notes/236526/known-issues

Rino_B - FCS
Rino_B - FCS
Labels:
14760
36 REPLIES 36
Rino_B
New Contributor III
In response to BillH_FTNT

Created on ‎06-03-2025 01:43 AM

I sent you an email with a sample config

Rino_B - FCS
Rino_B - FCS
4104
0 Kudos
BillH_FTNT
Staff
Staff
In response to Rino_B

Created on ‎06-03-2025 08:07 AM

Hi Rino;

I got your configuration. Me or our colleagues will reproduce and investigate the issue in our labs. Thank you

Bill

3992
GerryU
New Contributor

Created on ‎06-02-2025 12:21 PM Edited on ‎06-02-2025 12:27 PM

Hello all, same here

@BillH_FTNT can I send you my config file?
Working on a 60F

Funny enough, I have upgraded to 7.4.8 start of May, did work last time I checked, 3 weeks ago... This is the 1st I hear of this same issue.

4213
0 Kudos
BillH_FTNT
Staff
Staff
In response to GerryU

Created on ‎06-02-2025 02:38 PM

Hi GerryU

I am preparing the lab to reproduce and investigate your issue. I will share the results here . Thank you.

Bill

4182
jweberhofer
New Contributor II

Created on ‎06-03-2025 07:47 AM

WE are having the same issue with a 60F since the update. Other similar models don't seem to have this issue. Here some lines from my client-log:

[info] Server init() port number is
[info] Fail to retrieve port number from file.
[info] Server init() port number is 37913
[info] Main process - Websocket open ws://127.0.0.1:37913/websocket
[info] WindowManager handlePossibleProtocolLauncherArgs argv=["/opt/forticlient/gui/FortiClient"]
[info] WindowManager handleCreateMainWindow
[info] MAIN MainWindow - createWindow Platform detected: fedora
[info] web-contents-created contents.id=1
[info] Saml - init
[info] Saml - listenSamlLoginRequest
[info] Server init() port number is 37913
[info] Renderer process - Websocket open ws://127.0.0.1:37913/websocket
[info] compliance configDir=/home/web/.config/FortiClient/config
[info] MAIN did-finish-load
[info] MAIN ready-to-show
[info] IPC_RENDERER_REQUEST.LOADED
[info] WindowManager handleWindowLoaded
[info] WindowManager handlePossibleProtocolLauncherArgs argv=["/opt/forticlient/gui/FortiClient"]
[info] WindowManager handleCreateMainWindow
[debug] Receive websocket type=FCT_VPN_DISCONNECTED
[debug] Receive websocket type=FCT_VPN_CONNECTING
[info] VpnHandler UNHANDLED {"isTrusted":true}
[debug] Receive websocket type=FCT_VPN_INVALID_CERTIFICATE
[info] VpnHandler UNHANDLED {"isTrusted":true}
[debug] Receive websocket type=FCT_VPN_DISCONNECTED
[debug] Receive websocket type=FCT_VPN_CONNECTING
[info] VpnHandler UNHANDLED {"isTrusted":true}
[debug] Receive websocket type=FCT_VPN_INVALID_CERTIFICATE
[info] VpnHandler UNHANDLED {"isTrusted":true}
[debug] Receive websocket type=FCT_VPN_DISCONNECTED

Johannes
Johannes
3991
0 Kudos
jweberhofer
New Contributor II
In response to jweberhofer

Created on ‎06-03-2025 07:56 AM

It's not only the portal, also the tunneling mode is broken.

Johannes
Johannes
4010
Rino_B
New Contributor III
In response to jweberhofer

Created on ‎06-03-2025 08:11 AM Edited on ‎06-03-2025 08:12 AM

We have no issues with Tunnel Mode but only with Web Mode.

 

Windows 11 24H2 26100.4061

FortiClient VPN 7.2.10.1217

Rino_B - FCS
Rino_B - FCS
3998
0 Kudos
BillH_FTNT
Staff
Staff
In response to jweberhofer

Created on ‎06-03-2025 08:10 AM

Hi jweberhofer

This is good information, We will cross-check this invalid certificate in our lab too. 

Thanks

Bill

4001
jweberhofer
New Contributor II
In response to BillH_FTNT

Created on ‎06-03-2025 08:14 AM

The (selected) certificate is definitely valid, it has been issued by letsencrypt. I have also replace it by a valid certificate from another CERT. Didn't change anything.

Johannes
Johannes
3996
0 Kudos
BillH_FTNT
Staff
Staff
In response to jweberhofer

Created on ‎06-03-2025 08:18 AM

Yeah, I understand what you mean. What I’m trying to say is that I need to check why a valid certificate is being marked as invalid during the process

Regards

Bill

3990
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.