We have an SSL portal site configured in our FortiGate 200B. Users can connect to
the portal site and log in without any problem. On the portal we have some bookmarks,
just some internal HTTP sites for our staff. But those bookmarks do not work. If
somebody clicks on the bookmarks, a new window is opened but it's empty.
On the FortiGate a warning (ID 39937) is logged. The message states "SSL web application blocked".
Why is the FortiGate blocking the portal bookmarks?
There is no UTM configured on the ssl_vpn_address rulesets.
Can anybody give me a clue where to allow the portal bookmarks?
Thanks in advance.

Thanks for your reply, rwpatterson, but HTTP is allowed in the config area.
But I also created a ticket and support found the solution.
We also use SSL in tunnel mode. So I created a rule which allows traffic from the
internet to our servers, and as action I chose ssl-vpn. So far so good. The wrong
part was that I configured only the ssl-vpn-tunnel IPs as source address, and so
only clients connected via the SSL tunnel were able to contact servers in our network.
The portal was blocked because the portal connects with the IP the client has in the
remote network. So the solution is to use "all" as source address, and everything is
working like a charm :-)
Perhaps someone makes the same mistake and finds this info useful.

I also had some issues when trying to log in to a web server through an SSL VPN bookmark. In the bookmark, I entered "fr.slcc.com:81" as the URL. Hence, when I click the bookmark, it redirects to the "fr.slcc.com:81" website without the SSL VPN URL prefix (https://vpn.stc.com/proxy/76ce8cbc/https/). Then I figured out this happens because the request ends with the port number, and because of that the browser redirects the traffic through the normal internet path. Then I added login to the request so it looks like this: "https://vpn.stc.com/proxy/76ce8cbc/https/fr.slcc.com:81/#/login". Now it's working fine.