Hi there,
I use FG60D, and wanna use VPN web portal.
what I've done:
- create web tunnel
- set AV check
- create user and group, then add to portal mapping on menu vpn ssl setting
I can reach web portal over web browser, directly, using assigned port.
but I can't login, permission denied.
am I missed something?
unlucky for me, tried to search over forum and fortigate help, but can't find about complete guidance.
also, Can I disable this feature, in the future? I mean outside can't reach web portal.
please help. thank you.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If you are reaching the web page in the browser, dose not mean you configured the portal / users correctly.
You are getting permission denied , because the user / group are not configured correctly.
I am not sure what you want to achieve but , you have to create a web-portal and assign users to it, in the web-portal you can enable either or both tunnel mode and web mode.
also, make sure you define the users inside the groups with out duplication , and at the end of the list you will see the default group assignment if the user is not defined in any group.
Regards,
Mahmood
Are you adding the user directly to the SSLVPN Auth/ portal mapping or adding them to a group and adding the group to the mapping?
did you add a portal to the users auth /portal mapping?
NSE 7 ATP3.0
You will need a policy from the sslvpn.root(if using root vdom) interface to internal network or the other way around in order to make it work. Make sure you have at least one policy referring the SSL-VPN interface.
Regards,
Patel
If you are reaching the web page in the browser, dose not mean you configured the portal / users correctly.
You are getting permission denied , because the user / group are not configured correctly.
I am not sure what you want to achieve but , you have to create a web-portal and assign users to it, in the web-portal you can enable either or both tunnel mode and web mode.
also, make sure you define the users inside the groups with out duplication , and at the end of the list you will see the default group assignment if the user is not defined in any group.
Regards,
Mahmood
I'd recommend disabling the AV check to see if that's causing the issue.
You need to really start with "diag debug application sslvpnd -1" and see what happens wen that user login-in.
hint capture the output to a file.
My guess, you have auth-rule issues ( group, order,etc....), or if using a external authorizer that could be an issue also. The latter is easy to rule out.
Ken Felix
PCNSE
NSE
StrongSwan
hi there..
sorry late post.
I've resolved the issue.
suggestion by shehab worked for me.
add user to group, then add user to existing policy. that's how I resolve.
thanks all
Seeams you have an issue with the user. Is a local or remote user? You can try this:
diagnose test authserver ldap Dc01 user password
Then you can validate if its acorrect credentials.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1631 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.