NGFW01 # diagnose debug application sslvpn -1 Debug messages will be on for 30 minutes. NGFW01 # diagnose debug enable NGFW01 # [15932:root:135]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15932:root:135]SSL state:before SSL initialization (10.0.10.107) [15932:root:135]SSL state:before SSL initialization:DH lib(10.0.10.107) [15932:root:135]SSL_accept failed, 5:(null) [15932:root:135]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15933:root:134]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15933:root:134]SSL state:before SSL initialization (10.0.10.107) [15933:root:134]SSL state:before SSL initialization (10.0.10.107) [15933:root:134]client cert requirement: no [15933:root:134]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS write server done (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS write server done (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS read finished (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15933:root:134]SSL state:SSLv3/TLS write finished (10.0.10.107) [15933:root:134]SSL state:SSL negotiation finished successfully (10.0.10.107) [15933:root:134]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15933:root:134]req: /remote/info [15931:root:136]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15931:root:136]SSL state:before SSL initialization (10.0.10.107) [15931:root:136]SSL state:before SSL initialization (10.0.10.107) [15931:root:136]client cert requirement: no [15931:root:136]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS read finished (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15931:root:136]SSL state:SSLv3/TLS write finished (10.0.10.107) [15931:root:136]SSL state:SSL negotiation finished successfully (10.0.10.107) [15931:root:136]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15931:root:136]req: /remote/login [15931:root:136]rmt_web_auth_info_parser_common:470 no session id in auth info [15931:root:136]rmt_web_get_access_cache:804 invalid cache, ret=4103 [15931:root:136]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15931:root:136]get_cust_page:130 saml_info 0 [15933:root:134]sslvpn_read_request_common,648, ret=-1 error=-1, sconn=0x7f3885c86f00. [15933:root:134]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15932:root:136]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15932:root:136]SSL state:before SSL initialization (10.0.10.107) [15932:root:136]SSL state:before SSL initialization (10.0.10.107) [15932:root:136]client cert requirement: no [15932:root:136]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS write server done (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS write server done (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS read finished (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15932:root:136]SSL state:SSLv3/TLS write finished (10.0.10.107) [15932:root:136]SSL state:SSL negotiation finished successfully (10.0.10.107) [15932:root:136]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15932:root:136]req: /remote/logincheck [15932:root:136]rmt_web_auth_info_parser_common:470 no session id in auth info [15932:root:136]rmt_web_access_check:723 access failed, uri=[/remote/logincheck],ret=4103, [15932:root:136]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15932:root:136]sslvpn_auth_check_usrgroup:2039 forming user/group list from policy. [15932:root:136]sslvpn_auth_check_usrgroup:2145 got user (0) group (1:0). [15932:root:136]sslvpn_validate_user_group_list:1642 validating with SSL VPN authentication rules (1), realm (). [15932:root:136]sslvpn_validate_user_group_list:1690 checking rule 1 cipher. [15932:root:136]sslvpn_validate_user_group_list:1698 checking rule 1 realm. [15932:root:136]sslvpn_validate_user_group_list:1709 checking rule 1 source intf. [15932:root:136]sslvpn_validate_user_group_list:1730 checking rule 1 source address. [15932:root:136]sslvpn_validate_user_group_list:1845 rule 1 done, got user (0:0) group (0:0) peer group (0). [15932:root:136]sslvpn_validate_user_group_list:1963 got user (0:0), group (1:0) peer group (0). [15932:root:136]two factor check for c: off [15932:root:136]sslvpn_authenticate_user:191 authenticate user: [c] [15932:root:136]sslvpn_authenticate_user:198 create fam state [15932:root:136]fam_auth_send_req:583 with server blacklist: [15932:root:136]fam_auth_send_req:711 task finished with 5 [15932:root:136]login_failed:384 user[c],auth_type=0 failed [sslvpn_login_unknown_user] [15932:root:0]dump_one_blocklist:84 status=1;host=10.0.10.107;fails=1;logintime=1593535827 [15931:root:136]sslvpn_read_request_common,648, ret=-1 error=-1, sconn=0x7f3885c86f00. [15931:root:136]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15933:root:135]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15933:root:135]SSL state:before SSL initialization (10.0.10.107) [15933:root:135]SSL state:before SSL initialization (10.0.10.107) [15933:root:135]client cert requirement: no [15933:root:135]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS write server done (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS write server done (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS read finished (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15933:root:135]SSL state:SSLv3/TLS write finished (10.0.10.107) [15933:root:135]SSL state:SSL negotiation finished successfully (10.0.10.107) [15933:root:135]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15933:root:135]req: /remote/fortisslvpn [15933:root:135]rmt_web_auth_info_parser_common:470 no session id in auth info [15933:root:135]rmt_web_access_check:723 access failed, uri=[/remote/fortisslvpn],ret=4103, [15933:root:135]req: /remote/login [15933:root:135]rmt_web_auth_info_parser_common:470 no session id in auth info [15933:root:135]rmt_web_get_access_cache:804 invalid cache, ret=4103 [15933:root:135]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15933:root:135]get_cust_page:130 saml_info 0 [15932:root:136]sslvpn_read_request_common,648, ret=-1 error=-1, sconn=0x7f3885c86f00. [15932:root:136][15931:root:137]Destroy sconn 0x7f3885c86f00, connSize=0. (root) allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15931:root:137]SSL state:before SSL initialization (10.0.10.107) [15931:root:137]SSL state:before SSL initialization (10.0.10.107) [15931:root:137]client cert requirement: no [15931:root:137]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS read finished (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15931:root:137]SSL state:SSLv3/TLS write finished (10.0.10.107) [15931:root:137]SSL state:SSL negotiation finished successfully (10.0.10.107) [15931:root:137]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15931:root:137]req: /FortiClientSslvpnClearCacheUrl/for/Wini [15931:root:137]def: (nil) /FortiClientSslvpnClearCacheUrl/for/WininetLibrary/1/2/3/4/5/6/7/8/9/0/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t [15932:root:137]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15932:root:137]request from http 80 need to redirect. 0 [15932:root:137]client sent request without hostname (see RFC2616 section 14.23): /. [15932:root:137]sslConnGotoNextState:305 error (last state: 1, closeOp: 0) [15932:root:137]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15933:root:135]Timeout for connection 0x7f3885c86f00. [15933:root:135]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15931:root:137]Timeout for connection 0x7f3885c86f00. [15931:root:137]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15931:root:138][15933:root:136]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15931:root:138]SSL state:before SSL initialization (10.0.20.52) [15933:root:136]SSL state:before SSL initialization (10.0.20.52) [15933:root:136]client cert requirement: no [15933:root:136]SSL state:SSLv3/TLS read client hello (10.0.20.52) [15933:root:136][15931:root:138]client cert requirement: no [15931:root:138][15933:root:136]SSL state:SSLv3/TLS read client hello (10.0.20.52) [15933:root:136]SSL state:TLSv1.3 early data (10.0.20.52) SSL state:SSLv3/TLS write server hello (10.0.20.52) [15933:root:136]SSL state:TLSv1.3 early data:system lib(10.0.20.52) [15931:root:138]SSL state:SSLv3/TLS write change cipher spec (10.0.20.52) [15931:root:138]SSL state:TLSv1.3 early data (10.0.20.52) [15931:root:138]SSL state:TLSv1.3 early data:system lib(10.0.20.52) [15931:root:138]SSL state:TLSv1.3 early data (10.0.20.52) [15931:root:138]client cert requirement: no [15931:root:138]SSL state:SSLv3/TLS read client hello (10.0.20.52) [15933:root:136]SSL state:TLSv1.3 early data (10.0.20.52) [15933:root:136]client cert requirement: no [15933:root:136]SSL state:SSLv3/TLS read client hello (10.0.20.52) [15931:root:138]SSL state:SSLv3/TLS write server hello (10.0.20.52) [15931:root:138]SSL state:TLSv1.3 write encrypted extensions (10.0.20.52) [15931:root:138]SSL state:SSLv3/TLS write certificate (10.0.20.52) [15931:root:138]SSL state:TLSv1.3 write server certificate verify (10.0.20.52) [15931:root:138]SSL state:SSLv3/TLS write finished (10.0.20.52) [15931:root:138]SSL state:TLSv1.3 early data (10.0.20.52) [15931:root:138]SSL state:TLSv1.3 early data:system lib(10.0.20.52) [15931:root:138]SSL state:fatal certificate unknown (10.0.20.52) [15931:root:138]SSL state:error:(null)(10.0.20.52) [15931:root:138]SSL_accept failed, 1:sslv3 alert certificate unknown [15931:root:138]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15933:root:136]SSL state:SSLv3/TLS write server hello (10.0.20.52) [15933:root:136]SSL state:TLSv1.3 write encrypted extensions (10.0.20.52) [15933:root:136]SSL state:SSLv3/TLS write certificate (10.0.20.52) [15933:root:136]SSL state:TLSv1.3 write server certificate verify (10.0.20.52) [15933:root:136]SSL state:SSLv3/TLS write finished (10.0.20.52) [15933:root:136]SSL state:TLSv1.3 early data (10.0.20.52) [15933:root:136]SSL state:fatal certificate unknown (10.0.20.52) [15933:root:136]SSL state:error:(null)(10.0.20.52) [15933:root:136]SSL_accept failed, 1:sslv3 alert certificate unknown [15933:root:136]Destroy sconn 0x7f3885c86f00, connSize=0. (root) NGFW01 # NGFW01 # [15932:root:138]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15932:root:138]request from http 80 need to redirect. 0 [15932:root:138]client sent request without hostname (see RFC2616 section 14.23): /. [15932:root:138]sslConnGotoNextState:305 error (last state: 1, closeOp: 0) [15932:root:138]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15931:root:0]total sslvpn policy count: 2 [15933:root:0]total sslvpn policy count: 2 [15927:root:0]total sslvpn policy count: 2 [15932:root:0]total sslvpn policy count: 2 [15931:root:0]total sslvpn policy count: 2 [15933:root:0]total sslvpn policy count: 2 [15927:root:0]total sslvpn policy count: 2 [15932:root:0]total sslvpn policy count: 2 [15933:root:137]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15933:root:137]SSL state:before SSL initialization (10.0.10.107) [15933:root:137]SSL state:before SSL initialization:DH lib(10.0.10.107) [15933:root:137]SSL_accept failed, 5:(null) [15933:root:137]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15931:root:139]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15931:root:139]SSL state:before SSL initialization (10.0.10.107) [15931:root:139]SSL state:before SSL initialization (10.0.10.107) [15931:root:139]client cert requirement: no [15931:root:139]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS read finished (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15931:root:139]SSL state:SSLv3/TLS write finished (10.0.10.107) [15931:root:139]SSL state:SSL negotiation finished successfully (10.0.10.107) [15931:root:139]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15931:root:139]req: /remote/info [15932:root:139]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15932:root:139]SSL state:before SSL initialization (10.0.10.107) [15932:root:139]SSL state:before SSL initialization (10.0.10.107) [15932:root:139]client cert requirement: no [15932:root:139]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS write server done (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS write server done (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS read finished (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15932:root:139]SSL state:SSLv3/TLS write finished (10.0.10.107) [15932:root:139]SSL state:SSL negotiation finished successfully (10.0.10.107) [15932:root:139]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15932:root:139]req: /remote/login [15932:root:139]rmt_web_auth_info_parser_common:470 no session id in auth info [15932:root:139]rmt_web_get_access_cache:804 invalid cache, ret=4103 [15932:root:139]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15932:root:139]get_cust_page:130 saml_info 0 [15931:root:139]sslvpn_read_request_common,648, ret=-1 error=-1, sconn=0x7f3885c86f00. [15931:root:139]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15933:root:138]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15933:root:138]SSL state:before SSL initialization (10.0.10.107) [15933:root:138]SSL state:before SSL initialization (10.0.10.107) [15933:root:138]client cert requirement: no [15933:root:138]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS write server done (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS write server done (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS read finished (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15933:root:138]SSL state:SSLv3/TLS write finished (10.0.10.107) [15933:root:138]SSL state:SSL negotiation finished successfully (10.0.10.107) [15933:root:138]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15933:root:138]req: /remote/logincheck [15933:root:138]rmt_web_auth_info_parser_common:470 no session id in auth info [15933:root:138]rmt_web_access_check:723 access failed, uri=[/remote/logincheck],ret=4103, [15933:root:138]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15933:root:138]rmt_logincheck_cb_handler:1189 user 'frank-local' has a matched local entry. [15933:root:138]sslvpn_auth_check_usrgroup:2039 forming user/group list from policy. [15933:root:138]sslvpn_auth_check_usrgroup:2145 got user (0) group (1:0). [15933:root:138]sslvpn_validate_user_group_list:1642 validating with SSL VPN authentication rules (1), realm (). [15933:root:138]sslvpn_validate_user_group_list:1690 checking rule 1 cipher. [15933:root:138]sslvpn_validate_user_group_list:1698 checking rule 1 realm. [15933:root:138]sslvpn_validate_user_group_list:1709 checking rule 1 source intf. [15933:root:138]sslvpn_validate_user_group_list:1730 checking rule 1 source address. [15933:root:138]sslvpn_validate_user_group_list:1845 rule 1 done, got user (0:0) group (0:0) peer group (0). [15933:root:138]sslvpn_validate_user_group_list:1963 got user (0:0), group (1:0) peer group (0). [15933:root:138]two factor check for frank-local: off [15933:root:138]sslvpn_authenticate_user:191 authenticate user: [frank-local] [15933:root:138]sslvpn_authenticate_user:198 create fam state [15933:root:138]fam_auth_send_req:583 with server blacklist: [15933:root:138]fam_auth_send_req_internal:461 fnbam_auth return: 0 [15933:root:138]fam_auth_send_req_internal:470 authentication OK [15933:root:138]fam_do_cb:654 fnbamd return auth success. [15933:root:138]SSL VPN login matched rule (0). [15933:root:138]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15933:root:138]rmt_web_session_create:781 create web session, idx[0] [15933:root:138]login_succeeded:523 redirect to hostcheck [15933:root:138]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15933:root:138]deconstruct_session_id:426 decode session id ok, user=[frank-local],group=[VPN-Users_Local],authserver=[],portal=[Full access],host=[10.0.10.107],realm=[],idx=0,auth=1,sid=4ef11373,login=1593536338,access=1593536338,saml_logout_url=no [15933:root:138]deconstruct_session_id:426 decode session id ok, user=[frank-local],group=[VPN-Users_Local],authserver=[],portal=[Full access],host=[10.0.10.107],realm=[],idx=0,auth=1,sid=4ef11373,login=1593536338,access=1593536338,saml_logout_url=no [15933:root:138]deconstruct_session_id:426 decode session id ok, user=[frank-local],group=[VPN-Users_Local],authserver=[],portal=[Full access],host=[10.0.10.107],realm=[],idx=0,auth=1,sid=4ef11373,login=1593536338,access=1593536338,saml_logout_url=no [15932:root:139]sslvpn_read_request_common,648, ret=-1 error=-1, sconn=0x7f3885c86f00. [15932:root:139]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15931:root:13a]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15931:root:13a]SSL state:before SSL initialization (10.0.10.107) [15931:root:13a]SSL state:before SSL initialization (10.0.10.107) [15931:root:13a]client cert requirement: no [15931:root:13a]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS read finished (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15931:root:13a]SSL state:SSLv3/TLS write finished (10.0.10.107) [15931:root:13a]SSL state:SSL negotiation finished successfully (10.0.10.107) [15931:root:13a]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15931:root:13a]req: /remote/fortisslvpn [15931:root:13a]deconstruct_session_id:426 decode session id ok, user=[frank-local],group=[VPN-Users_Local],authserver=[],portal=[Full access],host=[10.0.10.107],realm=[],idx=0,auth=1,sid=4ef11373,login=1593536338,access=1593536338,saml_logout_url=no [15931:root:13a]deconstruct_session_id:426 decode session id ok, user=[frank-local],group=[VPN-Users_Local],authserver=[],portal=[Full access],host=[10.0.10.107],realm=[],idx=0,auth=1,sid=4ef11373,login=1593536338,access=1593536338,saml_logout_url=no [15932:root:13a]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15932:root:13a]SSL state:before SSL initialization (10.0.10.107) [15932:root:13a]SSL state:before SSL initialization (10.0.10.107) [15932:root:13a]client cert requirement: no [15932:root:13a]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15933:root:138]sslvpn_read_request_common,648, ret=-1 error=-1, sconn=0x7f3885c86f00. [15933:root:138]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15932:root:13a]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS write server done (10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS write server done (10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS read finished (10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15932:root:13a]SSL state:SSLv3/TLS write finished (10.0.10.107) [15932:root:13a]SSL state:SSL negotiation finished successfully (10.0.10.107) [15932:root:13a]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15932:root:13a]req: /FortiClientSslvpnClearCacheUrl/for/Wini [15932:root:13a]def: (nil) /FortiClientSslvpnClearCacheUrl/for/WininetLibrary/1/2/3/4/5/6/7/8/9/0/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t [15932:root:13a]Timeout for connection 0x7f3885c86f00. [15932:root:13a]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15931:root:13a]Timeout for connection 0x7f3885c86f00. [15931:root:13a]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15933:root:139]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15933:root:139]SSL state:before SSL initialization (10.0.10.107) [15933:root:139]SSL state:before SSL initialization:DH lib(10.0.10.107) [15933:root:139]SSL_accept failed, 5:(null) [15933:root:139]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15931:root:13b]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15931:root:13b]SSL state:before SSL initialization (10.0.10.107) [15931:root:13b]SSL state:before SSL initialization (10.0.10.107) [15931:root:13b]client cert requirement: no [15931:root:13b]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS read finished (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15931:root:13b]SSL state:SSLv3/TLS write finished (10.0.10.107) [15931:root:13b]SSL state:SSL negotiation finished successfully (10.0.10.107) [15931:root:13b]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15931:root:13b]req: /remote/info [15932:root:13b]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15932:root:13b]SSL state:before SSL initialization (10.0.10.107) [15932:root:13b]SSL state:before SSL initialization (10.0.10.107) [15932:root:13b]client cert requirement: no [15932:root:13b]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS write server done (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS write server done (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS read finished (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15932:root:13b]SSL state:SSLv3/TLS write finished (10.0.10.107) [15932:root:13b]SSL state:SSL negotiation finished successfully (10.0.10.107) [15932:root:13b]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15932:root:13b]req: /remote/login [15932:root:13b]rmt_web_auth_info_parser_common:470 no session id in auth info [15932:root:13b]rmt_web_get_access_cache:804 invalid cache, ret=4103 [15932:root:13b]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15932:root:13b]get_cust_page:130 saml_info 0 [15931:root:13b]sslvpn_read_request_common,648, ret=-1 error=-1, sconn=0x7f3885c86f00. [15931:root:13b]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15933:root:13a]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15933:root:13a]SSL state:before SSL initialization (10.0.10.107) [15933:root:13a]SSL state:before SSL initialization (10.0.10.107) [15933:root:13a]client cert requirement: no [15933:root:13a]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS write server done (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS write server done (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS read finished (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15933:root:13a]SSL state:SSLv3/TLS write finished (10.0.10.107) [15933:root:13a]SSL state:SSL negotiation finished successfully (10.0.10.107) [15933:root:13a]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15933:root:13a]req: /remote/logincheck [15933:root:13a]rmt_web_auth_info_parser_common:470 no session id in auth info [15933:root:13a]rmt_web_access_check:723 access failed, uri=[/remote/logincheck],ret=4103, [15933:root:13a]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15933:root:13a]rmt_logincheck_cb_handler:1189 user 'frank-local' has a matched local entry. [15933:root:13a]sslvpn_auth_check_usrgroup:2039 forming user/group list from policy. [15933:root:13a]sslvpn_auth_check_usrgroup:2145 got user (0) group (1:0). [15933:root:13a]sslvpn_validate_user_group_list:1642 validating with SSL VPN authentication rules (1), realm (). [15933:root:13a]sslvpn_validate_user_group_list:1690 checking rule 1 cipher. [15933:root:13a]sslvpn_validate_user_group_list:1698 checking rule 1 realm. [15933:root:13a]sslvpn_validate_user_group_list:1709 checking rule 1 source intf. [15933:root:13a]sslvpn_validate_user_group_list:1730 checking rule 1 source address. [15933:root:13a]sslvpn_validate_user_group_list:1845 rule 1 done, got user (0:0) group (0:0) peer group (0). [15933:root:13a]sslvpn_validate_user_group_list:1963 got user (0:0), group (1:0) peer group (0). [15933:root:13a]two factor check for frank-local: off [15933:root:13a]sslvpn_authenticate_user:191 authenticate user: [frank-local] [15933:root:13a]sslvpn_authenticate_user:198 create fam state [15933:root:13a]fam_auth_send_req:583 with server blacklist: [15933:root:13a]fam_auth_send_req_internal:461 fnbam_auth return: 0 [15933:root:13a]fam_auth_send_req_internal:470 authentication OK [15933:root:13a]fam_do_cb:654 fnbamd return auth success. [15933:root:13a]SSL VPN login matched rule (0). [15933:root:13a]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15933:root:13a]rmt_web_session_create:781 create web session, idx[1] [15933:root:13a]login_succeeded:523 redirect to hostcheck [15933:root:13a]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}]) [15933:root:13a]deconstruct_session_id:426 decode session id ok, user=[frank-local],group=[VPN-Users_Local],authserver=[],portal=[Full access],host=[10.0.10.107],realm=[],idx=1,auth=1,sid=5601df53,login=1593536365,access=1593536365,saml_logout_url=no [15933:root:13a]deconstruct_session_id:426 decode session id ok, user=[frank-local],group=[VPN-Users_Local],authserver=[],portal=[Full access],host=[10.0.10.107],realm=[],idx=1,auth=1,sid=5601df53,login=1593536365,access=1593536365,saml_logout_url=no [15933:root:13a]deconstruct_session_id:426 decode session id ok, user=[frank-local],group=[VPN-Users_Local],authserver=[],portal=[Full access],host=[10.0.10.107],realm=[],idx=1,auth=1,sid=5601df53,login=1593536365,access=1593536365,saml_logout_url=no [15932:root:13b]sslvpn_read_request_common,648, ret=-1 error=-1, sconn=0x7f3885c86f00. [15932:root:13b]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15931:root:13c]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15931:root:13c]SSL state:before SSL initialization (10.0.10.107) [15931:root:13c]SSL state:before SSL initialization (10.0.10.107) [15931:root:13c]client cert requirement: no [15931:root:13c]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS write server done (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS read finished (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15931:root:13c]SSL state:SSLv3/TLS write finished (10.0.10.107) [15931:root:13c]SSL state:SSL negotiation finished successfully (10.0.10.107) [15931:root:13c]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15931:root:13c]req: /remote/fortisslvpn [15931:root:13c]deconstruct_session_id:426 decode session id ok, user=[frank-local],group=[VPN-Users_Local],authserver=[],portal=[Full access],host=[10.0.10.107],realm=[],idx=1,auth=1,sid=5601df53,login=1593536365,access=1593536365,saml_logout_url=no [15931:root:13c]deconstruct_session_id:426 decode session id ok, user=[frank-local],group=[VPN-Users_Local],authserver=[],portal=[Full access],host=[10.0.10.107],realm=[],idx=1,auth=1,sid=5601df53,login=1593536365,access=1593536365,saml_logout_url=no [15933:root:13a]sslvpn_read_request_common,648, ret=-1 error=-1, sconn=0x7f3885c86f00. [15933:root:13a]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15932:root:13c]allocSSLConn:289 sconn 0x7f3885c86f00 (0:root) [15932:root:13c]SSL state:before SSL initialization (10.0.10.107) [15932:root:13c]SSL state:before SSL initialization (10.0.10.107) [15932:root:13c]client cert requirement: no [15932:root:13c]SSL state:SSLv3/TLS read client hello (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS write server hello (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS write certificate (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS write key exchange (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS write server done (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS write server done:system lib(10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS write server done (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS read client key exchange (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS read change cipher spec (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS read finished (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS write session ticket (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS write change cipher spec (10.0.10.107) [15932:root:13c]SSL state:SSLv3/TLS write finished (10.0.10.107) [15932:root:13c]SSL state:SSL negotiation finished successfully (10.0.10.107) [15932:root:13c]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [15932:root:13c]req: /FortiClientSslvpnClearCacheUrl/for/Wini [15932:root:13c]def: (nil) /FortiClientSslvpnClearCacheUrl/for/WininetLibrary/1/2/3/4/5/6/7/8/9/0/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t [15931:root:0]sslvpn_internal_remove_one_web_session:2848 web session (root:frank-local:VPN-Users_Local:10.0.10.107:0 1) removed for tunnel connection setup timeout [15931:root:13c]Timeout for connection 0x7f3885c86f00. [15931:root:13c]Destroy sconn 0x7f3885c86f00, connSize=0. (root) [15932:root:13c]Timeout for connection 0x7f3885c86f00. [15932:root:13c]Destroy sconn 0x7f3885c86f00, connSize=0. (root) NGFW01 # diagnose debug disable NGFW01 # diagnose debug reset