Hello
SSL VPN User Multiple connections have been disconnected for several days.
I have 2 suspected logs, can I know the cause or solution?
- auth-logout
- auth-timeout
There is also a session time out that defaults at 8 hours, so after 8 hours sslvpn disconnects
We seem to be having the same issue. Been trying to track client vpn longs to find common errors but so far nothings been of any help. It’s incredibly frustrating and our users are getting pretty fed up with it. If you find anything please let me know.
So far my working guess (and it’s a total guess) is that the auth-timeout isn’t getting reset correctly when a user logs in for the day and the system is treating a single users auth as everyone’s and kicking everyone to force a reset.
Edit: We are on Firmware v6.4.11 build 2030, and most of our clients are moved onto Forticlient 6.4.9 to 7.0.7. I know that it’s recommended to stick with the same client as your firmware, but we’ve had too many issues and have been trying updated clients to see if that helps.
Are you using FortiClientEMS server?
We were having the same exact issue you described. My firewall was running 6.4.11. I was wondering if it was a DNS issue (isn’t it always DNS?). I opened a support ticket with Fortinet but after doing a remote session for about 30-40 minutes the tech couldn’t find anything that might have been causing it, and it’s hard to diagnose unless it’s happening at that moment. The tech said I could leave a debug session running (from a computer or laptop, not from the firewall CLI) and hopefully, if the issue occurred again I’d have some debug info to send back to him. He also suggested I open a new ticket with the FortiClientEMS support group, in case the issue was related to FortiClientEMS.
However, before doing ANY of that, I had an available maintenance window so I figured I would try rebooting the firewall and see if that fixed it. The reboot seemed to resolve the issue but I can’t say for certain because 2 days after that (i.e. this past weekend) I upgraded that same firewall to 7.0.9. (I didn’t upgrade to try to resolve this issue - I had already planned on upgrading it. This VPN disconnect issue just happened to start right before my planned upgrade.)
I’d be curious to know if your firewall is running 6.4.11 and if you are also using FortiClientEMS.
The version is 6.2.4.
I checked out the comments.
6.4.11 is the most common, but the same problem appears to have occurred in multiple versions.
I don’t know if I should judge it’s not a version issue or what the cause is…
Last time something like this happened to me, it was a bug that caused vpn ssl daemon to restart when the firewall updated the root certificates, but this was way back in 6.0.x days.
Maybe something is restarting your vpn ssl process?
As a workaround back then I set fortiguard to only update once a day at around 4am or so.
Which version are you on?
Also do you by chance have multiple attempts from unauthorized sources attempting to hit you SSLVPN interface?
We were experiencing a similar issue with constant, random SSL VPN disconnections all day. This started occurring after upgrading to 7.0.9. After ripping my hair out for a few days, it turned out there was a new feature for SD-Wan called Performance SLAs that has an option to “Update static route” depending on the thresholds that are set.
Not sure if it’s your issue, but worth a check. Network > SD-Wan > Performance SLA > check the different policies and uncheck “Update static route”
We are having this issue on 6.2.12 (latest version) and forticlient 6.0.5/6.0.10. Please provide the versions you’re having issues with!
Jump to seven code. #IXST
I have issues with .11 where certain device will not connect unless I rebooted the fw or change certificates. I think they introduced some bugs when they fixed the vulnerabilities. We are sslvpn only right now though so not sure if it’s effecting the ems portion.
One thing I noticed this week is we were getting absolutely hammered by constant attempts from Russian IPs. I was able to block all access outside the US and the attempts stopped. Not 100% confident just yet as the attempts started on 12/18, and our issues have been going on since before that, but I wonder if we were getting DDOSd a bit as a result of the attacks. We were getting a failed logon attempt every 3-20 seconds.
Are your logs showing a lot of failed logon activity?
At this point I’m starting to feel the issue is a very complex one where there’s several different issues factoring in. Additionally I believe I saw in the patch notes for some of the 7.X notes that some SSL issues were resolved. I think that’s my next step.
I will be messaging you in 7 days on 2023-01-23 02:15:04 UTC to remind you of this link
3 OTHERS CLICKED THIS LINK to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) ^(delete this message to hide from others.)