can't login web portal vpn ssl
Hi there,
I use an FG60D and want to use the VPN web portal.
What I've done:
- create web tunnel
- set AV check
- create user and group, then add them to the portal mapping in the VPN SSL settings menu
I can reach the web portal directly from a web browser, using the assigned port.
But I can't log in: permission denied.
Did I miss something?
Unluckily for me, I tried searching the forum and the FortiGate help, but couldn't find complete guidance.
Also, can I disable this feature in the future? I mean so that the outside can't reach the web portal.
Please help. Thank you.
If you are reaching the web page in the browser, that does not mean you configured the portal/users correctly.
You are getting permission denied because the user/group are not configured correctly.
I am not sure what you want to achieve, but you have to create a web portal and assign users to it. In the web portal you can enable either or both of tunnel mode and web mode.
Also, make sure you define the users inside the groups without duplication, and at the end of the list you will see the default group assignment if the user is not defined in any group.
Regards,
Mahmood
Are you adding the user directly to the SSLVPN auth/portal mapping, or adding them to a group and adding the group to the mapping?
Did you add a portal to the user's auth/portal mapping?
NSE 7 ATP3.0
You will need a policy from the sslvpn.root (if using root vdom) interface to the internal network, or the other way around, in order to make it work. Make sure you have at least one policy referring to the SSL-VPN interface.
Regards,
Patel
I'd recommend disabling the AV check to see if that's causing the issue.
You really need to start with "diag debug application sslvpnd -1" and see what happens when that user logs in.
Hint: capture the output to a file.
My guess is you have auth-rule issues (group, order, etc.), or if you're using an external authorizer, that could be an issue also. The latter is easy to rule out.
Ken Felix
PCNSE
NSE
StrongSwan
Hi there.
Sorry for the late post.
I've resolved the issue.
The suggestion by shehab worked for me.
Add the user to a group, then add the user to the existing policy. That's how I resolved it.
Thanks, all.
Seems you have an issue with the user. Is it a local or remote user? You can try this:
diagnose test authserver ldap Dc01 user password
Then you can validate whether the credentials are correct.
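
Added example, not posted by any participant in this thread: the pieces the replies above point to (user in a group, group mapped to a portal, a policy sourced from the SSL-VPN interface, then the sslvpnd debug) written out as FortiOS CLI. The user, group, portal and destination interface names are assumptions for illustration, and the password is a placeholder.

```fortios
# Constructed names: vpnuser1, SSLVPN-Users, web-access, internal
config user local
    edit "vpnuser1"
        set type password
        set passwd <PLACEHOLDER-PASSWORD>
    next
end
config user group
    edit "SSLVPN-Users"
        # List each user in one group only, so the intended rule matches
        set member "vpnuser1"
    next
end
config vpn ssl settings
    # Portal applied to users that match no authentication rule
    set default-portal "web-access"
    config authentication-rule
        edit 1
            set groups "SSLVPN-Users"
            set portal "web-access"
        next
    end
end
config firewall policy
    # edit 0 takes the next free policy ID
    edit 0
        # ssl.root is the CLI name of the root VDOM's SSL-VPN interface
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        # The same group must appear here, or login is refused
        set groups "SSLVPN-Users"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Watch the login attempt, logging the terminal session to a file
diagnose debug application sslvpnd -1
diagnose debug enable
# ... reproduce the failed login, then stop the debug output ...
diagnose debug disable
diagnose debug reset
```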
