Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
runab
New Contributor II

Created on ‎08-18-2024 01:47 AM

/proxy/ issue over sslvpn webportal for http/https bookmark

 
We use sslvpn web portal to reach http/https server. We are not able to proceed after browser hits the url https://hostname-fortigate/proxy/xxxxxxx/https/login.microsoftonline.com/common/GetCredentialType?mk...

I did debug for sslvpn and following is the error:

[313:root:5dd]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[313:root:5dd]do_http_validate:442 method (POST) on uri (/proxy/xxxxxx/https/login.microsoftonline.com/common/GetCredentialType) not allowed.
[313:root:5dd]sslConnGotoNextState:309 error (last state: 1, closeOp: 0)
[313:root:5dd]Destroy sconn 0x7f0f70cae000, connSize=0. (root)
[313:root:5dd]SSL state:warning close notify ()
Labels:
820
0 Kudos
2 Solutions
runab
New Contributor II
In response to runab

Created on ‎08-19-2024 03:46 AM

It started working when I set "set ssl-max-proto-ver tls1-2"

config vpn ssl setting

    set ssl-max-proto-ver tls1-2

    

But later I again changed to tls1-3. It still works. It was a bit strange.

View solution in original post

720
runab
New Contributor II
In response to runab

Created on ‎08-19-2024 01:00 PM

It started working when I set "set ssl-max-proto-ver tls1-2"

config vpn ssl setting

    set ssl-max-proto-ver tls1-2

    

But later I again changed to tls1-3. It still works. It was a bit strange.

View solution in original post

703
0 Kudos
5 REPLIES 5
AEK
SuperUser
SuperUser

Created on ‎08-18-2024 03:52 AM

Did you configure a firewall rule that allows this access?

AEK
AEK
793
0 Kudos
runab
New Contributor II
In response to AEK

Created on ‎08-18-2024 04:10 AM

We allow traffic to login.microsoftonline.com. Before it hits this url, other url to login.microsoftonline.com works over sslvpn web portal.

789
0 Kudos
runab
New Contributor II
In response to runab

Created on ‎08-19-2024 01:03 AM

I checked again I see traffic to login.microsoftonline.com. But when it comes to login.microsoftonline.com/common urls, it gets the error. And it does not allow for SSO to login.microsoftonline.com.

732
0 Kudos
runab
New Contributor II
In response to runab

Created on ‎08-19-2024 03:46 AM

It started working when I set "set ssl-max-proto-ver tls1-2"

config vpn ssl setting

    set ssl-max-proto-ver tls1-2

    

But later I again changed to tls1-3. It still works. It was a bit strange.

721
runab
New Contributor II
In response to runab

Created on ‎08-19-2024 01:00 PM

It started working when I set "set ssl-max-proto-ver tls1-2"

config vpn ssl setting

    set ssl-max-proto-ver tls1-2

    

But later I again changed to tls1-3. It still works. It was a bit strange.

704
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.