Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
grizbi
New Contributor

Created on ‎02-09-2025 01:20 PM

SSL_accept failed, 1:unexpected eof while reading

Hi,

Quite new on Fortinet config
I'm stuck with this error for a couple of days now on a very simple setup using FortiGate-40F v7.2.8

 

Using FortiClient on ubuntu 22.04 and windows 10 - now far away from the device, I try to set it up using ssh 


diagnose debug application sslvpn -1 shows
SSL_accept failed, 1:unexpected eof while reading

 

/**************    Hereafter  - config vpn ssl settings      *************/
set status enable
set reqclientcert disable
set ssl-max-proto-ver tls1-3
set ssl-min-proto-ver tls1-2
unset banned-cipher
set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
set ssl-insert-empty-fragment enable
set https-redirect disable
set x-content-type-options enable
set ssl-client-renegotiation disable
set force-two-factor-auth disable
set servercert "Fortinet_Factory"
set algorithm high
set idle-timeout 300
set auth-timeout 28800
set login-attempt-limit 2
set login-block-time 60
set login-timeout 60
set dtls-hello-timeout 30
set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
set dns-suffix ''
set dns-server1 0.0.0.0
set dns-server2 0.0.0.0
set wins-server1 0.0.0.0
set wins-server2 0.0.0.0
set ipv6-dns-server1 ::
set ipv6-dns-server2 ::
set ipv6-wins-server1 ::
set ipv6-wins-server2 ::
set url-obscuration disable
set http-compression disable
set http-only-cookie enable
set port 10443
set port-precedence enable
set auto-tunnel-static-route enable
set header-x-forwarded-for add
set source-interface "wan"
set source-address "all"
set source-address-negate disable
set source-address6 "all"
set source-address6-negate disable
set default-portal "full-access"
config authentication-rule
edit 1
set groups "SSLVPN_USERS"
set portal "full-access"
set realm ''
set client-cert disable
set cipher high
set auth any
next
end
set browser-language-detection enable
set dtls-tunnel enable
set check-referer disable
set http-request-header-timeout 20
set http-request-body-timeout 30
set auth-session-check-source-ip enable
set tunnel-connect-without-reauth disable
set hsts-include-subdomains disable
set transform-backward-slashes disable
set encode-2f-sequence disable
set encrypt-and-store-password disable
set client-sigalgs all
set dual-stack-mode disable
set tunnel-addr-assigned-method first-available
set saml-redirect-port 8020
set ztna-trusted-client disable
set server-hostname ''
set dtls-max-proto-ver dtls1-2
set dtls-min-proto-ver dtls1-0
end

Please advise if there is any know issue

 

Labels:
1997
0 Kudos
16 REPLIES 16
grizbi
New Contributor
In response to AEK

Created on ‎02-11-2025 05:43 AM

I have no access to FGT-A as it is fully managed by the ISP (UAE zone)

687
0 Kudos
AEK
SuperUser
SuperUser
In response to grizbi

Created on ‎02-11-2025 06:11 AM

Then you definitely need to work with FGT-A's admin to try understand what's happening there.

AEK
AEK
679
0 Kudos
grizbi
New Contributor
In response to AEK

Created on ‎02-11-2025 06:11 AM

I have no access to FTG-A
When I use Forticlient  on windows (before it was ubuntu) - FTG logs are different - error raised @ 70%

[219:root:2d]Destroy sconn 0x7fa4e55800, connSize=0. (root)
[219:root:2d]SSL state:warning close notify (12.34.56.78)
[220:root:2d]allocSSLConn:310 sconn 0x7fa4e55800 (0:root)
[220:root:2d]SSL state:before SSL initialization (12.34.56.78)
[220:root:2d]SSL state:before SSL initialization (12.34.56.78)
[220:root:2d]no SNI received
[220:root:2d]client cert requirement: no
[220:root:2d]SSL state:SSLv3/TLS read client hello (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS write server hello (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS write certificate (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS write key exchange (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS write server done (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS write server done:(null)(12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS write server done (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS read client key exchange (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS read change cipher spec (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS read finished (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS write session ticket (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS write change cipher spec (12.34.56.78)
[220:root:2d]SSL state:SSLv3/TLS write finished (12.34.56.78)
[220:root:2d]SSL state:SSL negotiation finished successfully (12.34.56.78)
[220:root:2d]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
[220:root:2d]req: /remote/logincheck
[220:root:2d]Transfer-Encoding n/a
[220:root:2d]Content-Length 173
[220:root:2d]readPostEnter:17 Post Data length 173.
[220:root:2d]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}])
[220:root:2d]rmt_web_auth_info_parser_common:524 no session id in auth info
[220:root:2d]rmt_web_access_check:792 access failed, uri=[/remote/logincheck],ret=4103,
[220:root:2d]fsv_logincheck_common_handler:1347 user 'vpnadmin' has a matched local entry.
[220:root:2d]sslvpn_auth_check_usrgroup:3049 forming user/group list from policy.
[220:root:2d]sslvpn_auth_check_usrgroup:3096 got user (0) group (1:0).
[220:root:2d]sslvpn_validate_user_group_list:1939 validating with SSL VPN authentication rules (2), realm ().
[220:root:2d]sslvpn_validate_user_group_list:2033 checking rule 1 cipher.
[220:root:2d]sslvpn_validate_user_group_list:2041 checking rule 1 realm.
[220:root:2d]sslvpn_validate_user_group_list:2052 checking rule 1 source intf.
[220:root:2d]sslvpn_validate_user_group_list:2091 checking rule 1 vd source intf.
[220:root:2d]sslvpn_validate_user_group_list:2590 rule 1 done, got user (0:0) group (1:0) peer group (0).
[220:root:2d]sslvpn_validate_user_group_list:2033 checking rule 2 cipher.
[220:root:2d]sslvpn_validate_user_group_list:2041 checking rule 2 realm.
[220:root:2d]sslvpn_validate_user_group_list:2052 checking rule 2 source intf.
[220:root:2d]sslvpn_validate_user_group_list:2590 rule 2 done, got user (0:0) group (1:0) peer group (0).
[220:root:2d]sslvpn_validate_user_group_list:2598 got user (0:0) group (1:0) peer group (0).
[220:root:2d]sslvpn_validate_user_group_list:2945 got user (0:0), group (1:0) peer group (0).
[220:root:2d]sslvpn_update_user_group_list:1833 got user (0:0), group (1:0), peer group (0) after update.
[220:root:2d]two factor check for vpnadmin: off
[220:root:2d]sslvpn_authenticate_user:193 authenticate user: [login]
[220:root:2d]sslvpn_authenticate_user:211 create fam state
[220:root:2d][fam_auth_send_req_internal:429] Groups sent to FNBAM:
[220:root:2d]group_desc[0].grpname = SSLVPN_USERS
[220:root:2d][fam_auth_send_req_internal:441] FNBAM opt = 0X200420
[220:root:2d]fam_auth_send_req_internal:517 fnbam_auth return: 0
[220:root:2d][fam_auth_send_req_internal:543] Authenticated groups (1) by FNBAM with auth_type (1):
[220:root:2d]Received: auth_rsp_data.grp_list[0] = 2
[220:root:2d]fam_auth_send_req_internal:567 found node SSLVPN_USERS:0:, valid:1, auth:0
[220:root:2d]Validated: auth_rsp_data.grp_list[0] = SSLVPN_USERS
[220:root:2d][fam_auth_send_req_internal:657] The user vpnadmin is authenticated.
[220:root:2d]fam_do_cb:682 fnbamd return auth success.
[220:root:2d]SSL VPN login matched rule (1).
[220:root:2d]got public IP address: 12.34.56.78
[220:root:2d]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}])
[220:root:0]get tunnel link address4
[220:root:2d]rmt_web_session_create:1029 create web session, idx[0]
[220:root:2d]login_succeeded:553 redirect to hostcheck
[220:root:2d]Transfer-Encoding n/a
[220:root:2d]Content-Length 173
[220:root:2d]rmt_hcinstall_cb_handler:210 enter
[220:root:2d]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}])
[220:root:2d]rmt_hcinstall_cb_handler:288 hostchk needed : 0.
[220:root:2d]deconstruct_session_id:505 decode session id ok, user=[vpnadmin], group=[SSLVPN_USERS],authserver=[],portal=[full-access],host[12.34.56.78],realm=[],csrf_token=[5D3561FF70FAE3DE55E35E0955E737],idx=0,auth=1,sid=11d9ba7b,login=1739282265,access=1739282265,saml_logout_url=no,pip=12.34.56.78,grp_info=[grMieO],rmt_grp_info=[]
[220:root:2d]deconstruct_session_id:505 decode session id ok, user=[vpnadmin], group=[SSLVPN_USERS],authserver=[],portal=[full-access],host[12.34.56.78],realm=[],csrf_token=[5D3561FF70FAE3DE55E35E0955E737],idx=0,auth=1,sid=11d9ba7b,login=1739282265,access=1739282265,saml_logout_url=no,pip=12.34.56.78,grp_info=[grMieO],rmt_grp_info=[]
[220:root:2d]deconstruct_session_id:505 decode session id ok, user=[vpnadmin], group=[SSLVPN_USERS],authserver=[],portal=[full-access],host[12.34.56.78],realm=[],csrf_token=[5D3561FF70FAE3DE55E35E0955E737],idx=0,auth=1,sid=11d9ba7b,login=1739282265,access=1739282265,saml_logout_url=no,pip=12.34.56.78,grp_info=[grMieO],rmt_grp_info=[]
[220:root:2d]Transfer-Encoding n/a
[220:root:2d]Content-Length 173
[220:root:2d]req: /remote/fortisslvpn
[220:root:2d]deconstruct_session_id:505 decode session id ok, user=[vpnadmin], group=[SSLVPN_USERS],authserver=[],portal=[full-access],host[12.34.56.78],realm=[],csrf_token=[5D3561FF70FAE3DE55E35E0955E737],idx=0,auth=1,sid=11d9ba7b,login=1739282265,access=1739282265,saml_logout_url=no,pip=12.34.56.78,grp_info=[grMieO],rmt_grp_info=[]
[220:root:2d]deconstruct_session_id:505 decode session id ok, user=[vpnadmin], group=[SSLVPN_USERS],authserver=[],portal=[full-access],host[12.34.56.78],realm=[],csrf_token=[5D3561FF70FAE3DE55E35E0955E737],idx=0,auth=1,sid=11d9ba7b,login=1739282265,access=1739282265,saml_logout_url=no,pip=12.34.56.78,grp_info=[grMieO],rmt_grp_info=[]
[220:root:2d]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}])
[220:root:2d]Timeout for connection 0x7fa4e55800.

[220:root:2d]Destroy sconn 0x7fa4e55800, connSize=0. (root)
[220:root:2d]SSL state:warning close notify (12.34.56.78)
[220:root:0]sslvpn_internal_remove_one_web_session:3381 web session (root:vpnadmin:SSLVPN_USERS:12.34.56.78:0 1) removed for tunnel connection setup timeoutforticlient

679
0 Kudos
AEK
SuperUser
SuperUser
In response to grizbi

Created on ‎02-11-2025 06:43 AM

Here it is different, I see "Timeout for connection".

If you can add timestamp in debug log it may help further.

diag debug console timestamp enable
AEK
AEK
665
0 Kudos
grizbi
New Contributor
In response to AEK

Created on ‎02-11-2025 06:12 AM Edited on ‎02-11-2025 07:41 AM

show full-configuration vpn ssl settings | grep timeout
set idle-timeout 300
set auth-timeout 28800
set login-timeout 180
set dtls-hello-timeout 30
set http-request-header-timeout 20
set http-request-body-timeout 30


Full log with timestamp:
2025-02-11 07:18:32 [219:root:4]allocSSLConn:310 sconn 0x7f9f455800 (0:root)
2025-02-11 07:18:32 [219:root:4]SSL state:before SSL initialization (12.34.56.78)
2025-02-11 07:18:32 [219:root:4]SSL state:fatal decode error (12.34.56.78)
2025-02-11 07:18:32 [219:root:4]SSL state:error:(null)(12.34.56.78)
2025-02-11 07:18:32 [219:root:4]SSL_accept failed, 1:unexpected eof while reading
2025-02-11 07:18:32 [219:root:4]Destroy sconn 0x7f9f455800, connSize=0. (root)
2025-02-11 07:18:32 [220:root:4]allocSSLConn:310 sconn 0x7f9f455800 (0:root)
2025-02-11 07:18:32 [220:root:4]SSL state:before SSL initialization (12.34.56.78)
2025-02-11 07:18:32 [220:root:4]SSL state:fatal decode error (12.34.56.78)
2025-02-11 07:18:32 [220:root:4]SSL state:error:(null)(12.34.56.78)
2025-02-11 07:18:32 [220:root:4]SSL_accept failed, 1:unexpected eof while reading
2025-02-11 07:18:32 [220:root:4]Destroy sconn 0x7f9f455800, connSize=0. (root)
2025-02-11 07:18:32 [218:root:5]allocSSLConn:310 sconn 0x7f9f455800 (0:root)
2025-02-11 07:18:32 [218:root:5]SSL state:before SSL initialization (12.34.56.78)
2025-02-11 07:18:32 [218:root:5]SSL state:before SSL initialization (12.34.56.78)
2025-02-11 07:18:32 [218:root:5]got SNI server name: vpn3.gemos.fr realm (null)
2025-02-11 07:18:32 [218:root:5]client cert requirement: no
2025-02-11 07:18:32 [218:root:5]SSL state:SSLv3/TLS read client hello (12.34.56.78)
2025-02-11 07:18:32 [218:root:5]SSL state:SSLv3/TLS write server hello (12.34.56.78)
2025-02-11 07:18:32 [218:root:5]SSL state:SSLv3/TLS write certificate (12.34.56.78)
2025-02-11 07:18:32 [218:root:5]SSL state:SSLv3/TLS write key exchange (12.34.56.78)
2025-02-11 07:18:32 [218:root:5]SSL state:SSLv3/TLS write server done (12.34.56.78)
2025-02-11 07:18:32 [218:root:5]SSL state:SSLv3/TLS write server done:(null)(12.34.56.78)
2025-02-11 07:18:33 [218:root:5]SSL state:SSLv3/TLS write server done (12.34.56.78)
2025-02-11 07:18:33 [218:root:5]SSL state:SSLv3/TLS read client key exchange (12.34.56.78)
2025-02-11 07:18:33 [218:root:5]SSL state:SSLv3/TLS read change cipher spec (12.34.56.78)
2025-02-11 07:18:33 [218:root:5]SSL state:SSLv3/TLS read finished (12.34.56.78)
2025-02-11 07:18:33 [218:root:5]SSL state:SSLv3/TLS write session ticket (12.34.56.78)
2025-02-11 07:18:33 [218:root:5]SSL state:SSLv3/TLS write change cipher spec (12.34.56.78)
2025-02-11 07:18:33 [218:root:5]SSL state:SSLv3/TLS write finished (12.34.56.78)
2025-02-11 07:18:33 [218:root:5]SSL state:SSL negotiation finished successfully (12.34.56.78)
2025-02-11 07:18:33 [218:root:5]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
2025-02-11 07:18:33 [218:root:5]req: /remote/info
2025-02-11 07:18:33 [218:root:5]capability flags: 0x1cdf
2025-02-11 07:18:33 [218:root:5]req: /remote/login
2025-02-11 07:18:33 [218:root:5]rmt_web_auth_info_parser_common:524 no session id in auth info
2025-02-11 07:18:33 [218:root:5]rmt_web_get_access_cache:873 invalid cache, ret=4103
2025-02-11 07:18:33 [218:root:5]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}])
2025-02-11 07:18:33 [218:root:5]get_cust_page:123 saml_info 0
2025-02-11 07:18:54 [218:root:5]Timeout for connection 0x7f9f455800.

2025-02-11 07:18:54 [218:root:5]Destroy sconn 0x7f9f455800, connSize=0. (root)
2025-02-11 07:18:54 [218:root:5]SSL state:warning close notify (12.34.56.78)
2025-02-11 07:19:05 [219:root:5]allocSSLConn:310 sconn 0x7f9f455800 (0:root)
2025-02-11 07:19:05 [219:root:5]SSL state:before SSL initialization (12.34.56.78)
2025-02-11 07:19:05 [219:root:5]SSL state:before SSL initialization (12.34.56.78)
2025-02-11 07:19:05 [219:root:5]got SNI server name: vpn3.gemos.fr realm (null)
2025-02-11 07:19:05 [219:root:5]client cert requirement: no
2025-02-11 07:19:05 [219:root:5]SSL state:SSLv3/TLS read client hello (12.34.56.78)
2025-02-11 07:19:05 [219:root:5]SSL state:SSLv3/TLS write server hello (12.34.56.78)
2025-02-11 07:19:05 [219:root:5]SSL state:SSLv3/TLS write certificate (12.34.56.78)
2025-02-11 07:19:05 [219:root:5]SSL state:SSLv3/TLS write key exchange (12.34.56.78)
2025-02-11 07:19:05 [219:root:5]SSL state:SSLv3/TLS write server done (12.34.56.78)
2025-02-11 07:19:05 [219:root:5]SSL state:SSLv3/TLS write server done:(null)(12.34.56.78)
2025-02-11 07:19:06 [219:root:5]SSL state:SSLv3/TLS write server done (12.34.56.78)
2025-02-11 07:19:06 [219:root:5]SSL state:SSLv3/TLS read client key exchange (12.34.56.78)
2025-02-11 07:19:06 [219:root:5]SSL state:SSLv3/TLS read change cipher spec (12.34.56.78)
2025-02-11 07:19:06 [219:root:5]SSL state:SSLv3/TLS read finished (12.34.56.78)
2025-02-11 07:19:06 [219:root:5]SSL state:SSLv3/TLS write session ticket (12.34.56.78)
2025-02-11 07:19:06 [219:root:5]SSL state:SSLv3/TLS write change cipher spec (12.34.56.78)
2025-02-11 07:19:06 [219:root:5]SSL state:SSLv3/TLS write finished (12.34.56.78)
2025-02-11 07:19:06 [219:root:5]SSL state:SSL negotiation finished successfully (12.34.56.78)
2025-02-11 07:19:06 [219:root:5]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
2025-02-11 07:19:06 [219:root:5]req: /remote/logincheck
2025-02-11 07:19:06 [219:root:5]Transfer-Encoding n/a
2025-02-11 07:19:06 [219:root:5]Content-Length 173
2025-02-11 07:19:06 [219:root:5]readPostEnter:17 Post Data length 173.
2025-02-11 07:19:06 [219:root:5]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}])
2025-02-11 07:19:06 [219:root:5]rmt_web_auth_info_parser_common:524 no session id in auth info
2025-02-11 07:19:06 [219:root:5]rmt_web_access_check:792 access failed, uri=[/remote/logincheck],ret=4103,
2025-02-11 07:19:06 [219:root:5]fsv_logincheck_common_handler:1347 user 'login-vpn' has a matched local entry.
2025-02-11 07:19:06 [219:root:5]sslvpn_auth_check_usrgroup:3049 forming user/group list from policy.
2025-02-11 07:19:06 [219:root:5]sslvpn_auth_check_usrgroup:3096 got user (0) group (1:0).
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:1939 validating with SSL VPN authentication rules (2), realm ().
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2033 checking rule 1 cipher.
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2041 checking rule 1 realm.
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2052 checking rule 1 source intf.
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2091 checking rule 1 vd source intf.
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2590 rule 1 done, got user (0:0) group (1:0) peer group (0).
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2033 checking rule 2 cipher.
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2041 checking rule 2 realm.
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2052 checking rule 2 source intf.
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2590 rule 2 done, got user (0:0) group (1:0) peer group (0).
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2598 got user (0:0) group (1:0) peer group (0).
2025-02-11 07:19:06 [219:root:5]sslvpn_validate_user_group_list:2945 got user (0:0), group (1:0) peer group (0).
2025-02-11 07:19:06 [219:root:5]sslvpn_update_user_group_list:1833 got user (0:0), group (1:0), peer group (0) after update.
2025-02-11 07:19:06 [219:root:5]two factor check for login-vpn: off
2025-02-11 07:19:06 [219:root:5]sslvpn_authenticate_user:193 authenticate user: [login-vpn]
2025-02-11 07:19:06 [219:root:5]sslvpn_authenticate_user:211 create fam state
2025-02-11 07:19:06 [219:root:5][fam_auth_send_req_internal:429] Groups sent to FNBAM:
2025-02-11 07:19:06 [219:root:5]group_desc[0].grpname = SSLVPN_USERS
2025-02-11 07:19:06 [219:root:5][fam_auth_send_req_internal:441] FNBAM opt = 0X200420
2025-02-11 07:19:06 [219:root:5]fam_auth_send_req_internal:517 fnbam_auth return: 0
2025-02-11 07:19:06 [219:root:5][fam_auth_send_req_internal:543] Authenticated groups (1) by FNBAM with auth_type (1):
2025-02-11 07:19:06 [219:root:5]Received: auth_rsp_data.grp_list[0] = 2
2025-02-11 07:19:06 [219:root:5]fam_auth_send_req_internal:567 found node SSLVPN_USERS:0:, valid:1, auth:0
2025-02-11 07:19:06 [219:root:5]Validated: auth_rsp_data.grp_list[0] = SSLVPN_USERS
2025-02-11 07:19:06 [219:root:5][fam_auth_send_req_internal:657] The user login-vpn is authenticated.
2025-02-11 07:19:06 [219:root:5]fam_do_cb:682 fnbamd return auth success.
2025-02-11 07:19:06 [219:root:5]SSL VPN login matched rule (1).
2025-02-11 07:19:06 [219:root:5]got public IP address: 12.34.56.78
2025-02-11 07:19:06 [219:root:5]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}])
2025-02-11 07:19:06 [219:root:0]get tunnel link address4
2025-02-11 07:19:06 [219:root:5]rmt_web_session_create:1029 create web session, idx[0]
2025-02-11 07:19:06 [219:root:5]login_succeeded:553 redirect to hostcheck
2025-02-11 07:19:06 [219:root:5]Transfer-Encoding n/a
2025-02-11 07:19:06 [219:root:5]Content-Length 173
2025-02-11 07:19:06 [219:root:5]rmt_hcinstall_cb_handler:210 enter
2025-02-11 07:19:06 [219:root:5]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}])
2025-02-11 07:19:06 [219:root:5]rmt_hcinstall_cb_handler:288 hostchk needed : 0.
2025-02-11 07:19:06 [219:root:5]deconstruct_session_id:505 decode session id ok, user=[login-vpn], group=[SSLVPN_USERS],authserver=[],portal=[full-access],host[12.34.56.78],realm=[],csrf_token=[A468BD2BE33375DBD1DAD6B0CAE779E],idx=0,auth=1,sid=6e2ebb0a,login=1739287146,access=1739287146,saml_logout_url=no,pip=12.34.56.78,grp_info=[QBIAuL],rmt_grp_info=[]
2025-02-11 07:19:06 [219:root:5]deconstruct_session_id:505 decode session id ok, user=[login-vpn], group=[SSLVPN_USERS],authserver=[],portal=[full-access],host[12.34.56.78],realm=[],csrf_token=[A468BD2BE33375DBD1DAD6B0CAE779E],idx=0,auth=1,sid=6e2ebb0a,login=1739287146,access=1739287146,saml_logout_url=no,pip=12.34.56.78,grp_info=[QBIAuL],rmt_grp_info=[]
2025-02-11 07:19:06 [219:root:5]deconstruct_session_id:505 decode session id ok, user=[login-vpn], group=[SSLVPN_USERS],authserver=[],portal=[full-access],host[12.34.56.78],realm=[],csrf_token=[A468BD2BE33375DBD1DAD6B0CAE779E],idx=0,auth=1,sid=6e2ebb0a,login=1739287146,access=1739287146,saml_logout_url=no,pip=12.34.56.78,grp_info=[QBIAuL],rmt_grp_info=[]
2025-02-11 07:19:06 [219:root:5]Transfer-Encoding n/a
2025-02-11 07:19:06 [219:root:5]Content-Length 173
2025-02-11 07:19:06 [219:root:5]req: /remote/fortisslvpn
2025-02-11 07:19:06 [219:root:5]deconstruct_session_id:505 decode session id ok, user=[login-vpn], group=[SSLVPN_USERS],authserver=[],portal=[full-access],host[12.34.56.78],realm=[],csrf_token=[A468BD2BE33375DBD1DAD6B0CAE779E],idx=0,auth=1,sid=6e2ebb0a,login=1739287146,access=1739287146,saml_logout_url=no,pip=12.34.56.78,grp_info=[QBIAuL],rmt_grp_info=[]
2025-02-11 07:19:06 [219:root:5]deconstruct_session_id:505 decode session id ok, user=[login-vpn], group=[SSLVPN_USERS],authserver=[],portal=[full-access],host[12.34.56.78],realm=[],csrf_token=[A468BD2BE33375DBD1DAD6B0CAE779E],idx=0,auth=1,sid=6e2ebb0a,login=1739287146,access=1739287146,saml_logout_url=no,pip=12.34.56.78,grp_info=[QBIAuL],rmt_grp_info=[]
2025-02-11 07:19:06 [219:root:5]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}])
2025-02-11 07:19:26 [219:root:5]Timeout for connection 0x7f9f455800.

2025-02-11 07:19:26 [219:root:5]Destroy sconn 0x7f9f455800, connSize=0. (root)
2025-02-11 07:19:26 [219:root:5]SSL state:warning close notify (12.34.56.78)

676
0 Kudos
grizbi
New Contributor

Created on ‎02-12-2025 01:01 PM

I had an issue with the IP range associated with ssl.root 
now VPN works fine with windows client but still fails when running on Ubuntu 22.04  

580
0 Kudos
dingjerry_FTNT
Staff
Staff
In response to grizbi

Created on ‎02-12-2025 01:13 PM

Hi @grizbi ,

 

Could you please contact the FGT admin to confirm whether there is "Host Check" or "Restrict to Specific OS Versions" configured in the SSL VPN Portal settings?

Regards,

Jerry
574
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.