Since last week, we observed a lot of failed SSL-VPN login events on various FortiGate setups.
Most administrators saw an increased number of the following log message in the «VPN Event Log» on the FortiGate / FortiAnalyzer.
And no, there are no spelling mistakes in the title… That's the way the log message is named:
date=2021-08-23 time=11:22:33 logid="0101039426" type="event" subtype="vpn" level="alert" vd="root" eventtime=1629710539 logdesc="SSL VPN login fail" action="ssl-login-fail" tunneltype="ssl-web" tunnelid=0 remip=188.8.131.52 user="administrador" group="N/A" dst_host="N/A" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in"
«FortiGate lots of «SSL user failed to logged in» events» read more
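One way to triage a surge of these events, as an added example that is not part of the original post: it parses the key=value log format shown above and groups `ssl-login-fail` events by `remip`, listing the usernames tried from each source. The sample lines, the threshold of 3 and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample events in the key=value layout of the log line above
# (documentation IP ranges and made-up usernames, not real observations).
SAMPLE_LOG = """\
date=2021-08-23 time=11:22:33 logid="0101039426" type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.10 user="administrador" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in"
date=2021-08-23 time=11:22:41 logid="0101039426" type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.10 user="admin" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in"
date=2021-08-23 time=11:22:58 logid="0101039426" type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.10 user="test" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in"
date=2021-08-23 time=11:25:02 logid="0101039426" type="event" subtype="vpn" action="ssl-login-fail" remip=198.51.100.7 user="jdoe" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in"
date=2021-08-23 time=11:26:10 type="event" subtype="vpn" action="tunnel-up" remip=198.51.100.7 user="jdoe" msg="SSL tunnel established"
"""

# A field is key=value; the value is either a quoted string (may contain
# spaces) or a bare token that runs up to the next whitespace.
FIELD_RE = re.compile(r'(\w[\w-]*)=("[^"]*"|\S+)')


def parse_event(line):
    """Split one log line into a dict of field name -> unquoted value."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def summarize_failures(lines, threshold=3):
    """Return sources with at least `threshold` failed SSL-VPN logins.

    The result maps remip -> {"failures": count, "users": sorted usernames}.
    Many different usernames from one source suggests credential guessing
    rather than a single user mistyping a password.
    """
    failures = Counter()
    users = defaultdict(set)
    for line in lines:
        event = parse_event(line)
        if event.get("action") != "ssl-login-fail":
            continue  # ignore successful logins and unrelated events
        ip = event.get("remip", "unknown")
        failures[ip] += 1
        users[ip].add(event.get("user", ""))
    return {ip: {"failures": n, "users": sorted(users[ip])}
            for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for ip, info in summarize_failures(SAMPLE_LOG.splitlines()).items():
        print(ip, info["failures"], ", ".join(info["users"]))
```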
FortiWeb v6.4 adds support for integration with Let's Encrypt. This allows you to automatically generate server certificates, alleviating the need to upload private certificates.
The administration guide gives you some information on how to request those Let's Encrypt certificates, but in our opinion the configuration guidelines are not sufficient.
So we tried to give some more information on how to configure FortiWeb to obtain a server certificate from Let's Encrypt and how to use it in the server policy.
«FortiWeb v6.4.0 and Let's Encrypt» read more
Recently we have had a few support cases where a customer was unable to log in to the firewall via the WebUI after the firmware update, although SSH access worked fine.
It turned out that during the update process the server certificate used for the WebUI was lost.
Config with v6.0.4 (it does not happen with «self-signed» only):
config system global
    set admin-server-cert "self-signed"
«What's new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI» read more