Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

Created on ‎09-11-2016 11:07 PM

SSLVPN 5.2.9

Heads up!

 

Seems like the old bug which breaks SSLVPN on interfaces other than WAN1 is back in this release.

 

Had it working perfectly on 5.2.8 then upgraded to 5.2.9 and it stops working. After some testing I was able to get it to work on WAN1 but no other interface.

 

Downgraded to 5.2.8 and it started to work again.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
9896
0 Kudos
9 REPLIES 9
Ralph1973
Contributor

Created on ‎09-12-2016 05:16 AM

Hello, what unit are  you using?

 

Regards,

Ralph

3873
0 Kudos
Carl_Wallmark
Valued Contributor
In response to Ralph1973

Created on ‎09-12-2016 05:37 AM

Hi Ralph,

 

200D and 100D is the ones I tested.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
3873
0 Kudos
JohnLuo_FTNT
Staff
Staff

Created on ‎09-12-2016 05:08 PM

Thanks for your feedback. We will add it into release notes.

3873
0 Kudos
Carl_Wallmark
Valued Contributor
In response to JohnLuo_FTNT

Created on ‎09-13-2016 05:43 AM

We will add it into release notes.

 

I guess this is confirmed then ?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
3873
0 Kudos
Carl_Wallmark
Valued Contributor
In response to Carl_Wallmark

Created on ‎09-16-2016 02:07 AM

Confirmed:

 

Bug ID 287871

Administrative HTTPS and SSLVPN access using second WAN interface does not work after upgrade to 5.2.9.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
3873
0 Kudos
Ed1
New Contributor
In response to Carl_Wallmark

Created on ‎09-18-2016 08:12 AM

What happens if you aggregate the two WAN interfaces? Is the bug still there?
3873
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎09-21-2016 02:40 PM

We experienced this when it was introduced first time, and read this thread. Now I'm wondering this problem happens because we didn't (didn't have to) originally specify the incoming interface of SSL VPN quite some time ago then it broke when the new firmware is looking for that part of config, which doesn't exist in the config. I think this because it doesn't happen to IPSec VPNs where we always bind them to a specific interface. 

3873
0 Kudos
nwillia09
New Contributor
In response to Toshi_Esumi

Created on ‎02-22-2017 06:13 AM

We also just experienced this after getting a replacement 200D that came with 5.2.9. The SSL VPN web & tunnel mode works only on WAN2. I have attempted to unset the source-interface from the authorization rules as indicated in other forums, however that has not made any difference at all. Has anyone found a workaround besides changing firmware?

3873
0 Kudos
maryzhang_FTNT
Staff
Staff
In response to nwillia09

Created on ‎02-22-2017 11:43 AM

Thanks for your feedback. There is no workaround. The issue is fixed with 5.2.10. Please upgrade your device to 5.2.10.

3873
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.