Description |
This article describes why the log message shows that the SSL-VPN login failed with tunnel type=ssl-web when the user logs in from FortiClient |
Scope | |
Solution |
1)Sometimes, It is possible to notice that whenever a FortiClient user fails to login, the log is showing that the user is trying to log in to ssl-web instead of ssl-tunnel.
date=2021-03-26 time=18:27:41 eventtime=1616754461306886988 tz="+0800" logid="0101039426" type="event" subtype="vpn" level="alert" vd="root" logdesc="SSL VPN login fail" action="ssl-login-fail" tunneltype="ssl-web" tunnelid=0 remip=192.168.244.156 user="test" group="N/A" dst_host="N/A" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in" 2) This is because when the tunnel mode/FortiClient is initiated, the traffic first hits the URL over HTTPS, therefore, until the login is successful the firewall tracks it as ssl-web mode.
3) Upon successful tunnel establishment, a separate log being generated will be visible and the tunnel type will be ssl-tunnel:
date=2021-03-26 time=18:36:08 eventtime=1616754969229860842 tz="+0800" logid="0101039947" type="event" subtype="vpn" level="information" vd="root" logdesc="SSL VPN tunnel up" action="tunnel-up" tunneltype="ssl-tunnel" tunnelid=856124655 remip=192.168.244.156 tunnelip=10.212.134.200 user="test" group="split-tunnel" dst_host="N/A" reason="tunnel established" msg="SSL tunnel established" |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.