Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

SSLVPN 5.2.9

Heads up!

 

Seems like the old bug which breaks SSLVPN on interfaces other than WAN1 is back in this release.

 

Had it working perfectly on 5.2.8 then upgraded to 5.2.9 and it stops working. After some testing I was able to get it to work on WAN1 but no other interface.

 

Downgraded to 5.2.8 and it started to work again.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
9 REPLIES 9
Ralph1973
Contributor

Hello, what unit are  you using?

 

Regards,

Ralph

Carl_Wallmark

Hi Ralph,

 

200D and 100D is the ones I tested.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
JohnLuo_FTNT
Staff
Staff

Thanks for your feedback. We will add it into release notes.

Carl_Wallmark

We will add it into release notes.

 

I guess this is confirmed then ?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Carl_Wallmark

Confirmed:

 

Bug ID 287871

Administrative HTTPS and SSLVPN access using second WAN interface does not work after upgrade to 5.2.9.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Ed1

What happens if you aggregate the two WAN interfaces? Is the bug still there?
Toshi_Esumi
SuperUser
SuperUser

We experienced this when it was introduced first time, and read this thread. Now I'm wondering this problem happens because we didn't (didn't have to) originally specify the incoming interface of SSL VPN quite some time ago then it broke when the new firmware is looking for that part of config, which doesn't exist in the config. I think this because it doesn't happen to IPSec VPNs where we always bind them to a specific interface. 

nwillia09

We also just experienced this after getting a replacement 200D that came with 5.2.9. The SSL VPN web & tunnel mode works only on WAN2. I have attempted to unset the source-interface from the authorization rules as indicated in other forums, however that has not made any difference at all. Has anyone found a workaround besides changing firmware?

maryzhang_FTNT

Thanks for your feedback. There is no workaround. The issue is fixed with 5.2.10. Please upgrade your device to 5.2.10.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors