SSL VPN process not starting
Greetings, I have a 60C which has been in production for several months running v5.0,build0305 (GA Patch 10). This morning, while troubleshooting an IPSec issue on the unit, I noticed the SSL VPN portal is no longer accessible. After digging deeper, I found the sslvpnd process was not listed in the top list. I rebooted the box and my IPSec issue cleared up, but the SSL issue persists. SSL VPN is enabled in the GUI. Has anyone else experienced something like this?
Run Time: 0 days, 0 hours and 56 minutes
12U, 0N, 10S, 78I; 933T, 643F, 122KF
httpsd 237 R 7.9 2.0
httpsd 235 S 3.5 2.0
httpsd 151 R 2.7 2.5
newcli 243 R 1.1 1.4
httpsd 236 S 0.5 1.8
iked 79 S 0.1 1.5
pyfcgid 165 S 0.0 2.9
pyfcgid 164 S 0.0 2.7
pyfcgid 163 S 0.0 2.4
pyfcgid 161 S 0.0 2.3
miglogd 53 S 0.0 2.1
httpsd 148 S 0.0 2.1
cmdbsvr 33 R 0.0 2.1
httpsd 147 S 0.0 1.7
httpsd 55 S 0.0 1.7
ipsengine 70 S < 0.0 1.6
proxyworker 62 S 0.0 1.4
fgfmd 93 S 0.0 1.4
newcli 242 S 0.0 1.4
cw_acd 94 S 0.0 1.4
Are you 100% sure it's not running?
I would find the pid and then run the ps output and double check:
e.g.
fnsysctl cat /var/run/sslvpnd.pid
78
fnsysctl ps -ef
And look for #78; if it's not running, then ensure SSL is enabled. In fact this should be the 1st step.
e.g.
get vpn ssl settings
sslvpn-enable : enable
sslv3 : enable
dns-server1 : 0.0.0.0
dns-server2 : 0.0.0.0
route-source-interface: enable
reqclientcert : disable
sslv2 : disable
force-two-factor-auth: disable
force-utf8-login : disable
allow-unsafe-legacy-renegotiation: disable
servercert : self-sign
algorithm : default
idle-timeout : 300
auth-timeout : 28800
tunnel-ip-pools:
    == [ SSLVPN-P-TUN-0 ]
    name: SSLVPN-P-TUN-0
wins-server1 : 0.0.0.0
wins-server2 : 0.0.0.0
url-obscuration : disable
http-compression : disable
port : 10443
PCNSE
NSE
StrongSwan
The sslvpnd.pid is not present in the run folder, perhaps that's the issue...
# fnsysctl ls /var/run
alertmail.pid authd.pid bgpd.pid cmdbsvr.pid
cw_acd.pid daemon.pid ddnscd.pid dhcpd.pid
dnsproxy.pid eap_proxy.pid fclicense.pid fcnacd.pid
fgfmd.pid fnbamd.pid forticldd.pid forticron.pid
fsd.pid httpclid.pid httpd.pid iked.pid
imd.pid imi.pid init.pid ipsengine.pid
ipsmonitor.pid isisd.pid kmiglogd.pid merged_daemons.pid
miglogd000.pid nsm.pid ntpd.pid ospf6d.pid
ospfd.pid pdmd.pid pim6d.pid pimd.pid
proxyacceptor.pid proxyd.pid proxyworker000.pid pyfcgid.pid
quard.pid ripd.pid ripngd.pid scanunit.pid
snmpd.pid sqldb.pid sshd.pid sslacceptor.pid
sslworker000.pid stpd.pid telnetd.pid updated.pid
uploadd.pid urlfilter.pid usbmuxd.pid wad_diskd.pid
wpad.pid zebos_launcher.pid
Here is the output of "get vpn ssl settings"
get vpn ssl set
sslvpn-enable : enable
sslv3 : enable
tlsv1-0 : enable
tlsv1-1 : enable
tlsv1-2 : enable
dns-server1 : 0.0.0.0
dns-server2 : 0.0.0.0
route-source-interface: disable
reqclientcert : disable
sslv2 : disable
allow-ssl-big-buffer: disable
allow-ssl-insert-empty-fragment: enable
allow-ssl-client-renegotiation: disable
force-two-factor-auth: disable
force-utf8-login : disable
servercert : self-sign
algorithm : high
idle-timeout : 300
auth-timeout : 28800
tunnel-ip-pools:
tunnel-ipv6-pools:
dns-suffix :
wins-server1 : 0.0.0.0
wins-server2 : 0.0.0.0
--More-- ipv6-dns-server1 : ::
ipv6-dns-server2 : ::
ipv6-wins-server1 : ::
ipv6-wins-server2 : ::
url-obscuration : disable
http-compression : disable
http-only-cookie : enable
port : 30443
port-precedence : enable
auto-tunnel-static-route: enable
auto-tunnel-policy : enable
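
Added example, not part of any post in this thread: a small Python script that runs the checks discussed above (is SSL VPN enabled, is there an sslvpnd pid file, which port is configured) against saved CLI output, and lists settings that are empty so they can be reviewed. The sample input is abridged from the outputs posted in the thread; the function names are this example's own.

```python
import re

# Abridged from the outputs posted in this thread (sample input for the example).
SETTINGS = """\
sslvpn-enable : enable
sslv3 : enable
tunnel-ip-pools:
tunnel-ipv6-pools:
dns-suffix :
--More-- ipv6-dns-server1 : ::
port : 30443
"""
RUN_LISTING = """\
iked.pid sshd.pid sslacceptor.pid
sslworker000.pid stpd.pid telnetd.pid
"""

def parse_settings(text):
    """Turn 'key : value' lines into a dict, dropping pager prompts."""
    out = {}
    for line in text.splitlines():
        line = line.replace("--More--", "").strip()
        m = re.match(r"([A-Za-z0-9-]+)\s*:\s*(.*)$", line)
        if m:
            out[m.group(1)] = m.group(2).strip()
    return out

def pid_names(listing):
    """Daemon names that have a pid file in an 'ls /var/run' listing."""
    return {t[:-4] for t in listing.split() if t.endswith(".pid")}

def triage(settings_text, run_listing, daemon="sslvpnd"):
    """Summarise the checks: enabled flag, pid file, port, empty settings."""
    cfg = parse_settings(settings_text)
    return {
        "enabled": cfg.get("sslvpn-enable") == "enable",
        "pid_file": daemon in pid_names(run_listing),
        "port": cfg.get("port"),
        "empty": sorted(k for k, v in cfg.items() if v == ""),
    }

if __name__ == "__main__":
    for key, value in triage(SETTINGS, RUN_LISTING).items():
        print(f"{key}: {value}")
```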
