Hello,
We experience a weird issue with some of our users. We use FortiToken to enable 2FA, but sometimes user get a 'server unreachable' error message when approving their login attempt. Our FortiGate is available, and we're able to connect to it without any problems.
Whenever we remove the current FortiToken and re-invite the user (by scanning a new QR code) the problem is temporarily resolved.
Does anyone experience the same and/or does anyone know how to solve this?
We're have a FortiGate 100F running firmware 7.2.5 1517.
Hi @Riggie,
Could you collect the below logs to investigate further?
If possible, create a PCAP from the Android client.
The following application is unrelated to Fortinet, but it has been helpful for creating packet captures per application.
https://play.google.com/store/apps/details?id=com.emanuelef.remote_capture&hl=de&gl=US
Select the FortiToken Mobile application and reproduce the issue.
Run Debug at the same time in FGT:
diag debug console timestamp enable
diag debug app forticldd -1
diag debug app ftm-push
diag fortitoken debug enable
diag debug enable
post reproducing the issue, disable debug using the below command
diag debug disable
diag debug reset
Created on 11-08-2023 06:26 AM Edited on 11-08-2023 06:33 AM
Hello,
Thanks for your answer.
I've got the generated files but I want to share these privately as they contain IP-addresses and such. Is there a way to securely share them with you? My own SSL-VPN account also got hit with this problem. The other token that I use for a different FortiGate admin account is still able to process the FortiToken.
I've been battling this off and on for the past few months.
On the problematic devices, after hitting approve after receiving the FortiToken push notification, using the debug commands above the following error is being logged in the console: ssl accept error:1
Any ideas on what this indicates and what could cause this?
Thanks!
Hello,
I've got the PCAP and other support files, but I wish to share them privately as they contain sensitive information. Is there someone from staff where I can send the files to?
I've been battling the same issues, did you end up finding a resolution?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.