Heads up!
Seems like the old bug which breaks SSLVPN on interfaces other than WAN1 is back in this release.
Had it working perfectly on 5.2.8 then upgraded to 5.2.9 and it stops working. After some testing I was able to get it to work on WAN1 but no other interface.
Downgraded to 5.2.8 and it started to work again.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello, what unit are you using?
Regards,
Ralph
Hi Ralph,
200D and 100D is the ones I tested.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Thanks for your feedback. We will add it into release notes.
We will add it into release notes.
I guess this is confirmed then ?
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Confirmed:
Bug ID 287871
Administrative HTTPS and SSLVPN access using second WAN interface does not work after upgrade to 5.2.9.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
We experienced this when it was introduced first time, and read this thread. Now I'm wondering this problem happens because we didn't (didn't have to) originally specify the incoming interface of SSL VPN quite some time ago then it broke when the new firmware is looking for that part of config, which doesn't exist in the config. I think this because it doesn't happen to IPSec VPNs where we always bind them to a specific interface.
We also just experienced this after getting a replacement 200D that came with 5.2.9. The SSL VPN web & tunnel mode works only on WAN2. I have attempted to unset the source-interface from the authorization rules as indicated in other forums, however that has not made any difference at all. Has anyone found a workaround besides changing firmware?
Thanks for your feedback. There is no workaround. The issue is fixed with 5.2.10. Please upgrade your device to 5.2.10.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.