Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiVoice
- FortiToken
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- sslvpn_login_permission_denied
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sslvpn_login_permission_denied
Hello,
I have Fortinet 60 F device. An error showed up while trying to connect via SSLVpn that too many bad login attempts.-455 . When I check firewall failed authentication parts I saw that there are a lot of attempts to login. I am adding the screenshot. What can I do as an emergency solution? Thanks in advance.
Labels:
- Labels:
-
SSL-VPN
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please share below logs to dig further.
PuTTY SSH1:
------------
get vpn ssl monitor
diagnose vpn ssl list
diagnose firewall auth list
dia vpn ssl statistics
exec vpn sslvpn list
get system status
diag vpn ssl stat
PuTTY SSH2:
------------
diag sys flash list
diag debug reset
diagnose debug console timestamp en
diagnose vpn ssl debug-filter src-addr4 x.x.x.x - Here x.x.x.x is the public IP of the user connecting.
diag debug appl sslvpn -1
diag debug appl fn -1
diag debug enable
wait till the VPN disconnect, disable the logs by executing
diag debug disable
diag debug reset
Let us know if this helps.
Salon Raj Joshi
Salon Raj Joshi
Created on 12-04-2024 05:23 AM Edited on 12-04-2024 05:24 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi.
I am adding the results below.
# get vpn ssl monitor
SSL-VPN Login Users:
Index User Group Auth Type Timeout Auth-Timeout From HTTP in/out HTTPS in/out Two-factor Auth
SSL-VPN sessions:
Index User Group Source IP Duration I/O Bytes Tunnel/Dest IP
# diagnose firewall auth list
----- 0 listed, 0 filtered ------
# dia vpn ssl statistics
SSLVPN statistics (root):
------------------
Memory unit: 1
System total memory: 2011013120
System free memory: 756207616
SSLVPN memory margin: 201101312
SSLVPN state: normal
Max number of users: 2
Max number of tunnels: 2
Max number of connections: 21
The number of invalid_http: 797
Current number of users: 0
Current number of tunnels: 0
Current number of connections: 0
# exec vpn sslvpn list
SSL-VPN Login Users:
Index User Group Auth Type Timeout Auth-Timeout From HTTP in/out HTTPS in/out Two-factor Auth
SSL-VPN sessions:
Index User Group Source IP Duration I/O Bytes Tunnel/Dest IP
# get system status
Version: FortiGate-60F v7.2.10,build1706,240918 (GA.M)
Security Level: 2
Firmware Signature: certified
Virus-DB: 92.09284(2024-12-04 04:26)
Extended DB: 92.09284(2024-12-04 04:25)
AV AI/ML Model: 3.02027(2024-12-04 03:45)
IPS-DB: 29.00914(2024-12-03 06:23)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 29.00914(2024-12-03 06:23)
FMWP-DB: 24.00111(2024-11-06 13:21)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
IPS Malicious URL Database: 5.00251(2024-12-03 06:59)
IoT-Detect: 0.00000(2022-08-17 17:31)
Serial-Number: -
BIOS version: 05000009
System Part-Number: P24286-07
Log hard disk: Not available
Hostname: AIRPLUS
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1706
Release Version Information: GA
System time: Wed Dec 4 16:15:36 2024
Last reboot reason: warm reboot
# diag vpn ssl stat
SSLVPN statistics (root):
------------------
Memory unit: 1
System total memory: 2011013120
System free memory: 765112320
SSLVPN memory margin: 201101312
SSLVPN state: normal
Max number of users: 2
Max number of tunnels: 2
Max number of connections: 21
The number of invalid_http: 797
Current number of users: 0
Current number of tunnels: 0
Current number of connections: 0
# diag sys flash list
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FGT60F-7.02-FW-build1706-240918 253920 140428 55% Yes
2 FGT60F-7.02-FW-build1396-230131 253920 150012 59% No
3 ETDB-92.09284 3102320 416784 13% No
Image build at Sep 18 2024 18:23:21 for b1706
# diag debug enable
AIRPLUS # 2024-12-04 16:19:37 local auth is done with user 'ylim', ret=1
2024-12-04 16:19:38 local auth is done with user 'paulcv', ret=1
2024-12-04 16:20:20 [2507] handle_req-Rcvd auth_cert req id=2006890860, len=1599, opt=8
2024-12-04 16:20:20 [983] __cert_auth_ctx_init-req_id=2006890860, opt=8
2024-12-04 16:20:20 [992] __cert_auth_ctx_init-OCSP resp is found.
2024-12-04 16:20:20 [103] __cert_chg_st- 'Init'
2024-12-04 16:20:20 [156] fnbamd_cert_load_certs_from_req-3 cert(s) in req.
2024-12-04 16:20:20 [669] __cert_init-req_id=2006890860
2024-12-04 16:20:20 [718] __cert_build_chain-req_id=2006890860
2024-12-04 16:20:20 [273] fnbamd_chain_build-Chain discovery, opt 0x19, cur total 1
2024-12-04 16:20:20 [291] fnbamd_chain_build-Following depth 0
2024-12-04 16:20:20 [336] fnbamd_chain_build-Extend chain by builtin CA cache. (good)
2024-12-04 16:20:20 [291] fnbamd_chain_build-Following depth 1
2024-12-04 16:20:20 [336] fnbamd_chain_build-Extend chain by builtin CA cache. (good)
2024-12-04 16:20:20 [291] fnbamd_chain_build-Following depth 2
2024-12-04 16:20:20 [305] fnbamd_chain_build-Self-sign detected.
2024-12-04 16:20:20 [99] __cert_chg_st- 'Init' -> 'Validation'
2024-12-04 16:20:20 [840] __cert_verify-req_id=2006890860
2024-12-04 16:20:20 [841] __cert_verify-Chain is complete.
2024-12-04 16:20:20 [435] fnbamd_builtin_cert_check-Following cert chain depth 0
2024-12-04 16:20:20 [435] fnbamd_builtin_cert_check-Following cert chain depth 1
2024-12-04 16:20:20 [456] fnbamd_builtin_cert_check-Builtin CRL found: 244b5494
2024-12-04 16:20:20 [435] fnbamd_builtin_cert_check-Following cert chain depth 2
2024-12-04 16:20:20 [471] fnbamd_builtin_cert_check-Certificate status is unchecked.
2024-12-04 16:20:20 [876] __cert_verify_do_next-req_id=2006890860
2024-12-04 16:20:20 [99] __cert_chg_st- 'Validation' -> 'OCSP-Checking'
2024-12-04 16:20:20 [898] __cert_ocsp_check-req_id=2006890860
2024-12-04 16:20:20 [334] fnbamd_verify_ocsp_response-Cert status: GOOD.
2024-12-04 16:20:20 [256] __cert_ocsp_resp_verify-verify_ocsp_response returns 0 -1
2024-12-04 16:20:20 [99] __cert_chg_st- 'OCSP-Checking' -> 'Done'
2024-12-04 16:20:20 [921] __cert_done-req_id=2006890860
2024-12-04 16:20:20 [1683] fnbamd_auth_session_done-Session done, id=2006890860
2024-12-04 16:20:20 [966] __fnbamd_cert_auth_run-Exit, req_id=2006890860
2024-12-04 16:20:20 [1720] create_auth_cert_session-fnbamd_cert_auth_init returns 0, id=2006890860
2024-12-04 16:20:20 [1639] auth_cert_success-id=2006890860
2024-12-04 16:20:20 [1068] fnbamd_cert_auth_copy_cert_status-req_id=2006890860
2024-12-04 16:20:20 [1195] fnbamd_cert_auth_copy_cert_status-Cert st 210, req_id=2006890860
2024-12-04 16:20:20 [209] fnbamd_comm_send_result-Sending result 0 (nid 0) for req 2006890860, len=2536
2024-12-04 16:20:20 [1584] destroy_auth_cert_session-id=2006890860
2024-12-04 16:20:20 [1041] fnbamd_cert_auth_uninit-req_id=2006890860
2024-12-04 16:20:43 local auth is done with user 'fgordon', ret=1
2024-12-04 16:20:46 local auth is done with user 'ndempsey', ret=1
# diag debug disable
# diag debug reset
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you run the sslvpn debug while connecting the vpn
just share below output and run it while trying to connect the vpn
diag debug reset
diagnose debug console timestamp en
diagnose vpn ssl debug-filter src-addr4 x.x.x.x - Here x.x.x.x is the public IP of the user connecting.
diag debug appl sslvpn -1
diag debug enable
wait till the VPN disconnect, disable the logs by executing
diag debug disable
diag debug reset
Let us know if this helps.
Salon Raj Joshi
Salon Raj Joshi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That s the results after debug . VPN error showed up and I disabled the debug. If it s not I will do it again.
AIRPLUS # 2024-12-04 16:19:37 local auth is done with user 'ylim', ret=1
2024-12-04 16:19:38 local auth is done with user 'paulcv', ret=1
2024-12-04 16:20:20 [2507] handle_req-Rcvd auth_cert req id=2006890860, len=1599, opt=8
2024-12-04 16:20:20 [983] __cert_auth_ctx_init-req_id=2006890860, opt=8
2024-12-04 16:20:20 [992] __cert_auth_ctx_init-OCSP resp is found.
2024-12-04 16:20:20 [103] __cert_chg_st- 'Init'
2024-12-04 16:20:20 [156] fnbamd_cert_load_certs_from_req-3 cert(s) in req.
2024-12-04 16:20:20 [669] __cert_init-req_id=2006890860
2024-12-04 16:20:20 [718] __cert_build_chain-req_id=2006890860
2024-12-04 16:20:20 [273] fnbamd_chain_build-Chain discovery, opt 0x19, cur total 1
2024-12-04 16:20:20 [291] fnbamd_chain_build-Following depth 0
2024-12-04 16:20:20 [336] fnbamd_chain_build-Extend chain by builtin CA cache. (good)
2024-12-04 16:20:20 [291] fnbamd_chain_build-Following depth 1
2024-12-04 16:20:20 [336] fnbamd_chain_build-Extend chain by builtin CA cache. (good)
2024-12-04 16:20:20 [291] fnbamd_chain_build-Following depth 2
2024-12-04 16:20:20 [305] fnbamd_chain_build-Self-sign detected.
2024-12-04 16:20:20 [99] __cert_chg_st- 'Init' -> 'Validation'
2024-12-04 16:20:20 [840] __cert_verify-req_id=2006890860
2024-12-04 16:20:20 [841] __cert_verify-Chain is complete.
2024-12-04 16:20:20 [435] fnbamd_builtin_cert_check-Following cert chain depth 0
2024-12-04 16:20:20 [435] fnbamd_builtin_cert_check-Following cert chain depth 1
2024-12-04 16:20:20 [456] fnbamd_builtin_cert_check-Builtin CRL found: 244b5494
2024-12-04 16:20:20 [435] fnbamd_builtin_cert_check-Following cert chain depth 2
2024-12-04 16:20:20 [471] fnbamd_builtin_cert_check-Certificate status is unchecked.
2024-12-04 16:20:20 [876] __cert_verify_do_next-req_id=2006890860
2024-12-04 16:20:20 [99] __cert_chg_st- 'Validation' -> 'OCSP-Checking'
2024-12-04 16:20:20 [898] __cert_ocsp_check-req_id=2006890860
2024-12-04 16:20:20 [334] fnbamd_verify_ocsp_response-Cert status: GOOD.
2024-12-04 16:20:20 [256] __cert_ocsp_resp_verify-verify_ocsp_response returns 0 -1
2024-12-04 16:20:20 [99] __cert_chg_st- 'OCSP-Checking' -> 'Done'
2024-12-04 16:20:20 [921] __cert_done-req_id=2006890860
2024-12-04 16:20:20 [1683] fnbamd_auth_session_done-Session done, id=2006890860
2024-12-04 16:20:20 [966] __fnbamd_cert_auth_run-Exit, req_id=2006890860
2024-12-04 16:20:20 [1720] create_auth_cert_session-fnbamd_cert_auth_init returns 0, id=2006890860
2024-12-04 16:20:20 [1639] auth_cert_success-id=2006890860
2024-12-04 16:20:20 [1068] fnbamd_cert_auth_copy_cert_status-req_id=2006890860
2024-12-04 16:20:20 [1195] fnbamd_cert_auth_copy_cert_status-Cert st 210, req_id=2006890860
2024-12-04 16:20:20 [209] fnbamd_comm_send_result-Sending result 0 (nid 0) for req 2006890860, len=2536
2024-12-04 16:20:20 [1584] destroy_auth_cert_session-id=2006890860
2024-12-04 16:20:20 [1041] fnbamd_cert_auth_uninit-req_id=2006890860
2024-12-04 16:20:43 local auth is done with user 'fgordon', ret=1
2024-12-04 16:20:46 local auth is done with user 'ndempsey', ret=1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you please do it again.
just share below output and run it while trying to connect the vpn
diag debug reset
diagnose debug console timestamp en
diagnose vpn ssl debug-filter src-addr4 x.x.x.x - Here x.x.x.x is the public IP of the user connecting.
diag debug appl sslvpn -1
diag debug enable
wait till the VPN disconnect, disable the logs by executing
diag debug disable
diag debug reset
Let us know if this helps.
Salon Raj Joshi
Salon Raj Joshi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did but nothing was seen by debugging.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
run
diag sniff packet any 'host x.x.x.x' 4 0 l >> Here x.x.x.x is the public IP of the user
And then try to connect vpn
this will clear if the traffic is coming to the FGT or not
Let us know if this helps.
Salon Raj Joshi
Salon Raj Joshi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nothing changed. too many bad attempts error again.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @OkanGemici ,
What type of authentication method are you using? LDAP? Radius? Or something else?
Do you have this issue with SSL VPN login as well?
Regards,
Jerry
Jerry
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,749 -
FortiClient
1,776 -
5.2
801 -
FortiManager
736 -
5.4
639 -
FortiAnalyzer
563 -
FortiSwitch
477 -
FortiAP
474 -
FortiClient EMS
436 -
6.0
416 -
5.6
362 -
FortiMail
323 -
6.2
251 -
SSL-VPN
249 -
FortiAuthenticator v5.5
234 -
IPsec
212 -
FortiWeb
208 -
5.0
196 -
FortiNAC
191 -
FortiGuard
139 -
6.4
128 -
SD-WAN
117 -
FortiAuthenticator
106 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
98 -
FortiToken
92 -
Firewall policy
84 -
Wireless Controller
81 -
Customer Service
80 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
Fortivoice
55 -
FortiADC
54 -
vlan
53 -
FortiEDR
52 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
44 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
39 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
FortiConnect
30 -
VDOM
30 -
FortiLink
29 -
FortiWAN
27 -
Application control
27 -
Web profile
27 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiGate-VM
18 -
FortiMonitor
18 -
Traffic shaping
17 -
SSID
16 -
Automation
16 -
WAN optimization
16 -
FortiDDoS
15 -
FortiSOAR
15 -
OSPF
15 -
System settings
15 -
FortiGate v5.0
14 -
Static route
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
Admin
13 -
FortiCASB
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1737 | |
| 1107 | |
| 752 | |
| 447 | |
| 240 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.