- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- SSL VPN process not starting
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSL VPN process not starting
Greetings, I have a 60C which has been in production for several months running v5.0,build0305 (GA Patch 10). This morning, while troubleshooting an IPSec issue on the unit, I noticed the SSL VPN portal is no longer accessible. After digging deeper, I found the sslvpnd process was not listed in the top list. I rebooted the box and my IPSec issue cleared up, but the SSL issue persists. SSL VPN is enabled in the GUI. Has anyone else experienced something like this? Run Time: 0 days, 0 hours and 56 minutes
12U, 0N, 10S, 78I; 933T, 643F, 122KF
httpsd 237 R 7.9 2.0
httpsd 235 S 3.5 2.0
httpsd 151 R 2.7 2.5
newcli 243 R 1.1 1.4
httpsd 236 S 0.5 1.8
iked 79 S 0.1 1.5
pyfcgid 165 S 0.0 2.9
pyfcgid 164 S 0.0 2.7
pyfcgid 163 S 0.0 2.4
pyfcgid 161 S 0.0 2.3
miglogd 53 S 0.0 2.1
httpsd 148 S 0.0 2.1
cmdbsvr 33 R 0.0 2.1
httpsd 147 S 0.0 1.7
httpsd 55 S 0.0 1.7
ipsengine 70 S < 0.0 1.6
proxyworker 62 S 0.0 1.4
fgfmd 93 S 0.0 1.4
newcli 242 S 0.0 1.4
cw_acd 94 S 0.0 1.4
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you 100% sure it's not running?
I would find the pid and then run the ps output and double check;
e.g
fnsysctl cat /var/run/sslvpnd.pid
78
fnsysctl ps -ef
And look for #78, if it's not running than ensure SSL is enabled. In fact this should be the 1st step.
e.g
get vpn ssl settings sslvpn-enable : enable sslv3 : enable dns-server1 : 0.0.0.0 dns-server2 : 0.0.0.0 route-source-interface: enable reqclientcert : disable sslv2 : disable force-two-factor-auth: disable force-utf8-login : disable allow-unsafe-legacy-renegotiation: disable servercert : self-sign algorithm : default idle-timeout : 300 auth-timeout : 28800 tunnel-ip-pools: == [ SSLVPN-P-TUN-0 ] name: SSLVPN-P-TUN-0 wins-server1 : 0.0.0.0 wins-server2 : 0.0.0.0 url-obscuration : disable http-compression : disable port : 10443
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The sslvpnd.pid is not present in the run folder, perhaps that's the issue...
# fnsysctl ls /var/run
alertmail.pid authd.pid bgpd.pid cmdbsvr.pid
cw_acd.pid daemon.pid ddnscd.pid dhcpd.pid
dnsproxy.pid eap_proxy.pid fclicense.pid fcnacd.pid
fgfmd.pid fnbamd.pid forticldd.pid forticron.pid
fsd.pid httpclid.pid httpd.pid iked.pid
imd.pid imi.pid init.pid ipsengine.pid
ipsmonitor.pid isisd.pid kmiglogd.pid merged_daemons.pid
miglogd000.pid nsm.pid ntpd.pid ospf6d.pid
ospfd.pid pdmd.pid pim6d.pid pimd.pid
proxyacceptor.pid proxyd.pid proxyworker000.pid pyfcgid.pid
quard.pid ripd.pid ripngd.pid scanunit.pid
snmpd.pid sqldb.pid sshd.pid sslacceptor.pid
sslworker000.pid stpd.pid telnetd.pid updated.pid
uploadd.pid urlfilter.pid usbmuxd.pid wad_diskd.pid
wpad.pid zebos_launcher.pid
Here is the output of "get vpn ssl settings"
get vpn ssl set
sslvpn-enable : enable
sslv3 : enable
tlsv1-0 : enable
tlsv1-1 : enable
tlsv1-2 : enable
dns-server1 : 0.0.0.0
dns-server2 : 0.0.0.0
route-source-interface: disable
reqclientcert : disable
sslv2 : disable
allow-ssl-big-buffer: disable
allow-ssl-insert-empty-fragment: enable
allow-ssl-client-renegotiation: disable
force-two-factor-auth: disable
force-utf8-login : disable
servercert : self-sign
algorithm : high
idle-timeout : 300
auth-timeout : 28800
tunnel-ip-pools:
tunnel-ipv6-pools:
dns-suffix :
wins-server1 : 0.0.0.0
wins-server2 : 0.0.0.0
--More-- ipv6-dns-server1 : ::
ipv6-dns-server2 : ::
ipv6-wins-server1 : ::
ipv6-wins-server2 : ::
url-obscuration : disable
http-compression : disable
http-only-cookie : enable
port : 30443
port-precedence : enable
auto-tunnel-static-route: enable
auto-tunnel-policy : enable
Related Posts
- FortiClient 7.2.4 installer with deployed EMS... 121 Views
- How to upgrade WAN bandwidth 75 Views
- Fortigate SSLVPN with DUO MFA -... 92 Views
- Fortigate 40F - 2 identical ports... 185 Views
- FortiGate SSL Inspection suddenly breaking applications. 530 Views
Labels
-
FortiGate
6,532 -
FortiClient
1,304 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
Firewall policy
23 -
FortiConnect
23 -
FortiWAN
22 -
FortiConverter
21 -
VLAN
20 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.