After SSL-VPN Webmode authentication, https bookmark login fails.

Harunobu-Takahashi · ‎01-20-2024

After SSL-VPN Webmode authentication, https bookmark login fails.
After a failure, the login screen will be displayed again.
I can log in correctly on the http bookmark login site.
I will add debugging, so if you have knowledge please help.

Equipment used: FG60E
Version: 7.0.10

FortiGate-60E #
FortiGate-60E # diag debug enable

FortiGate-60E # [210:root:d1]req: /remote/logincheck <----------------SSL-VPN Login
[210:root:d1]rmt_web_auth_info_parser_common:492 no session id in auth info
[210:root:d1]rmt_web_access_check:760 access failed, uri=[/remote/logincheck],ret=4103,
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]rmt_logincheck_cb_handler:1283 user 'user01' has a matched local entry.
[210:root:d1]sslvpn_auth_check_usrgroup:2967 forming user/group list from policy.
[210:root:d1]sslvpn_auth_check_usrgroup:3013 got user (0) group (1:0).
[210:root:d1]sslvpn_validate_user_group_list:1851 validating with SSL VPN authentication rules (1), realm ().
[210:root:d1]sslvpn_validate_user_group_list:1971 checking rule 1 cipher.
[210:root:d1]sslvpn_validate_user_group_list:1979 checking rule 1 realm.
[210:root:d1]sslvpn_validate_user_group_list:1990 checking rule 1 source intf.
[210:root:d1]sslvpn_validate_user_group_list:2029 checking rule 1 vd source intf.
[210:root:d1]sslvpn_validate_user_group_list:2571 rule 1 done, got user (0:0) group (1:0) peer group (0).
[210:root:d1]sslvpn_validate_user_group_list:2865 got user (0:0), group (1:0) peer group (0).
[210:root:d1]sslvpn_update_user_group_list:1793 got user (0:0), group (1:0), peer group (0) after update.
[210:root:d1]two factor check for user01: off
[210:root:d1]sslvpn_authenticate_user:183 authenticate user: [user01]
[210:root:d1]sslvpn_authenticate_user:197 create fam state
[210:root:d1][fam_auth_send_req_internal:426] Groups sent to FNBAM:
[210:root:d1]group_desc[0].grpname = IaaS-User
[210:root:d1][fam_auth_send_req_internal:438] FNBAM opt = 0X200400
[210:root:d1]fam_auth_send_req_internal:514 fnbam_auth return: 0
[210:root:d1][fam_auth_send_req_internal:539] Authenticated groups (1) by FNBAM with auth_type (1):
[210:root:d1]Received: auth_rsp_data.grp_list[0] = 2
[210:root:d1]fam_auth_send_req_internal:563 found node IaaS-User:0:, valid:1, auth:0
[210:root:d1]Validated: auth_rsp_data.grp_list[0] = IaaS-User
[210:root:d1][fam_auth_send_req_internal:652] The user user01 is authenticated.
[210:root:d1]fam_do_cb:665 fnbamd return auth success.
[210:root:d1]SSL VPN login matched rule (1).
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]rmt_web_session_create:1209 create web session, idx[0]
[210:root:d1]req: /remote/hostcheck_install?auth_type=1&us
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /sslvpn/portal.html
[210:root:d1]mza: 0x18c32a8 /sslvpn/portal.html
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][212:root:ce]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[212:root:ce]req: /d9116ac2a726d5e0d9386cf7a6da16c2/styles
mza: 0x18c3258 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/js/aes.js
[211:root:d0][212:root:ce]mza: 0x18c3268 /d9116ac2a726d5e0d9386cf7a6da16c2/styles.css
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3258 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/js/common.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[210:root:d2]allocSSLConn:307 sconn 0x54939500 (0:root)
[212:root:d0]mza: 0x18c3258 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/js/sslvpn_util.js
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d2]SSL state:before SSL initialization (10.0.0.12)
[210:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d0][210:root:d2]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[210:root:d2][211:root:d0]client cert requirement: no
mza: 0x18c3260 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/css/main.css
[210:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[210:root:d1][212:root:d1]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/css/le
[212:root:d1]mza: 0x18c3228 /d9116ac2a726d5e0d9386cf7a6da16c2/css/legacy-main.css
[210:root:d1]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.bundle.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d2]no SNI received
[210:root:d2]client cert requirement: no
[210:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[210:root:d2]SSL state:SSLv3/TLS write finished (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d2]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[210:root:d2]SSL state:fatal certificate unknown (10.0.0.12)
[210:root:d2]SSL state:error:(null)(10.0.0.12)
[210:root:d2]SSL_accept failed, 1:sslv3 alert certificate unknown
[210:root:d2]Destroy sconn 0x54939500, connSize=1. (root)
[210:root:d1]req: /api/v2/static/fweb_build.json
[210:root:d1]mza: 0x18c32c0 /api/v2/static/fweb_build.json
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /remote/portal?access=admin
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]req: /remote/portal
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /d9116ac2a726d5e0d9386cf7a6da16c2/lang/x
[212:root:d0]mza: 0x18c3278 /d9116ac2a726d5e0d9386cf7a6da16c2/lang/x-sjis.json
req: /d9116ac2a726d5e0d9386cf7a6da16c2/js/leg
[210:root:d1]mza: 0x18c3330 /d9116ac2a726d5e0d9386cf7a6da16c2/js/legacy_theme_setup.js
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-1.js
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-2.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
req: /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn
[212:root:d0]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-4.js
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3270 /d9116ac2a726d5e0d9386cf7a6da16c2/sslvpn/ng/portal.chunk-3.js
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]req: /remote/portal/bookmarks
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/
req: /d9116ac2a726d5e0d9386cf7a6da16c2/lato-b
[212:root:d0]def: 0x18c3240 /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/fa-icons.woff
[212:root:d1]req: /d9116ac2a726d5e0d9386cf7a6da16c2/lato-r
def: 0x18c3368 /d9116ac2a726d5e0d9386cf7a6da16c2/lato-bold.woff2
[212:root:d1]def: 0x18c3320 /d9116ac2a726d5e0d9386cf7a6da16c2/lato-regular.woff2
[212:root:d0]req: /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/
[212:root:d0]def: 0x18c3240 /d9116ac2a726d5e0d9386cf7a6da16c2/fonts/ftnt-icons.woff

FortiGate-60E #
FortiGate-60E #
FortiGate-60E #
FortiGate-60E # [212:root:d0]req: /remote/web_service?bmgroup=gui-bookmark <------------https site bookmark click
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:0]make_proxy_url:79 proxy url :/proxy/4f6d056c/https/Z67cc6fdf618032cb5b81ef933da7b7ba/index.html
[212:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]sslvpn_policy_match:2626 checking web session
[212:root:d0]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d0]policy_match_check:125 checking policy 2 for incoming policy (iif: 5)
[212:root:d0]policy_match_check:128 checking schedule
[212:root:d0]policy_match_check:135 checking authgrp
[212:root:d0]policy_match_check:144 checking services
[212:root:d0]check_policy_svr:742 service check ok
[212:root:d0]policy_match_check:153 checking ssl mode
[212:root:d0]policy_match_check:158 checking oif admin access
[212:root:d0]policy_match_check:166 checking oif
[212:root:d0]check_pol_oif:850 checking oif to 192.168.1.220
[212:root:d0]check_pol_oif:857 checking internal(0x5fe5198)
[212:root:d0]policy_match_check:177 checking address
[212:root:d0]policy_match_check:203 policy id: 2, policy position: 1, policy action: accept, address matched: 1
[212:root:d0]policy_match_check:220 selected policy id: 2, policy position: 1, policy action: accept
[212:root:d0]policy_match_check:233 return 0
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]3 0x54939500,ssl=0x55201000,(nil),connect to 192.168.1.220:443.
[212:root:d0]0x54939500 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d0]0x54939500 doSSLConnect() cookie out:
[212:root:d0]0x54939500 fsv_output_req_headers() send header:
GET /index.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d1]req: /remote/sslvpn_support.js
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][211:root:d0]req: /sslvpn/js/sslvpn_util.js
[212:root:d1][211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
mza: 0x18c3258 /sslvpn/js/sslvpn_util.js
req: /sslvpn/js/aes.js
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]mza: 0x18c3258 /sslvpn/js/aes.js
[212:root:ce]req: /sslvpn/js/sslvpn.js
[210:root:d1][212:root:ce]mza: 0x18c3258 /sslvpn/js/sslvpn.js
[211:root:d2]allocSSLConn:307 sconn 0x54939a00 (0:root)
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d2]no SNI received
[211:root:d2]client cert requirement: no
[211:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d1]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d2][212:root:d1]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0][212:root:d1]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d1]sslvpn_policy_match:2626 checking web session
[212:root:d1]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d1]sslvpn_policy_match:2651 policy check cache found [accept]
req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]sslvpn_policy_match:2626 checking web session
[211:root:d0]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d1][211:root:d0]3 0x54939a00,ssl=0x54947000,(nil),connect to 192.168.1.220:443.
sslvpn_policy_match:2651 policy check cache found [accept]
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]2 0x55344b00,ssl=0x55201000,(nil),connect to 192.168.1.220:443.
deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1][211:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
sslvpn_policy_match:2626 checking web session
[211:root:d2]no SNI received
[211:root:d2][212:root:ce]client cert requirement: no
req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[211:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d1][212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:ce][210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
sslvpn_policy_match:2651 policy check cache found [accept]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]sslvpn_policy_match:2626 checking web session
[212:root:ce]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:ce]sslvpn_policy_match:2651 policy check cache found [accept]
1 0x55344b00,ssl=0x54a2b000,(nil),connect to 192.168.1.220:443.
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]3 0x54939000,ssl=0x55203000,(nil),connect to 192.168.1.220:443.
[212:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]0x54939500 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d0]0x54939500 doSSLConnect() cookie out:
[212:root:d0]0x54939500 fsv_output_req_headers() send header:
GET /javascript/angular-1.7.9/angular-route.min.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d1]0x54939a00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d1]0x54939a00 doSSLConnect() cookie out:
[212:root:d1]0x54939a00 fsv_output_req_headers() send header:
GET /css/icon_styles_ciscologo.css HTTP/1.1
Host: 192.168.1.220
Accept: text/css,*/*;q=0.1
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[210:root:d1]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[210:root:d1]0x55344b00 doSSLConnect() cookie out:
[210:root:d1]0x55344b00 fsv_output_req_headers() send header:
GET /javascript/jquery.min.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d0]0x54939500 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d0]0x54939500 doSSLConnect() cookie out:
[212:root:d0]0x54939500 fsv_output_req_headers() send header:
GET /javascript/controllers/rfdashboard.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[211:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[211:root:d2]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[211:root:d2][212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
SSL state:SSLv3/TLS write finished (10.0.0.12)
[211:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /javascript/angular-1.7.9/angular.min.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d2]allocSSLConn:307 sconn 0x55344b00 (0:root)
[211:root:d2]SSL state:fatal certificate unknown (10.0.0.12)
[212:root:d2]SSL state:before SSL initialization (10.0.0.12)
[212:root:d2]SSL state:before SSL initialization (10.0.0.12)
[211:root:d2][212:root:d2]no SNI received
[212:root:d2]client cert requirement: no
SSL state:error:(null)(10.0.0.12)
SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d2][212:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[211:root:d2][212:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Destroy sconn 0x54939a00, connSize=1. (root)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]no SNI received
[212:root:d2]client cert requirement: no
[212:root:d2]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d0]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[211:root:d0]0x55344b00 doSSLConnect() cookie out:
[211:root:d0]0x55344b00 fsv_output_req_headers() send header:
GET /css/login.css HTTP/1.1
Host: 192.168.1.220
Accept: text/css,*/*;q=0.1
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[211:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[211:root:d0]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[211:root:d0]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[211:root:d0]0x55344b00 doSSLConnect() cookie out:
[211:root:d0]0x55344b00 fsv_output_req_headers() send header:
GET /javascript/translate.js?ver=8.10.162.0 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[211:root:d0]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d2]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write finished (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS read finished (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d2]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d2]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /css/fonts/ciscologo/ciscologo.woff?fpxgk6 HTTP/1.1
Host: 192.168.1.220
Accept: */*
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Origin: https://192.168.1.220
Referer: https://192.168.1.220/css/icon_styles_ciscologo.css
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /nls/ApplicationProperties-ja.json HTTP/1.1
Host: 192.168.1.220
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Requested-With: XMLHttpRequest
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]req: /favicon.ico
[212:root:ce]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:ce]0x54939000 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:ce]0x54939000 doSSLConnect() cookie out:
[212:root:ce]0x54939000 fsv_output_req_headers() send header:
GET /favicon.ico HTTP/1.1
Host: 192.168.1.220
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:ce]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:ce]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:ce]Destroy sconn 0x54939000, connSize=3. (root)
[212:root:ce]SSL state:warning close notify (10.0.0.12)

FortiGate-60E #
FortiGate-60E #
FortiGate-60E #
FortiGate-60E # [210:root:d1]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5 <---------Click the login button on the https site
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[210:root:d1]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[210:root:d1]0x55344b00 doSSLConnect() cookie out:
[210:root:d1]0x55344b00 fsv_output_req_headers() send header:
GET /screens/preframeset.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[210:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[210:root:d1]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[210:root:d1]Destroy sconn 0x55344b00, connSize=0. (root)
[210:root:d1]SSL state:warning close notify (10.0.0.12)

FortiGate-60E #
FortiGate-60E #
FortiGate-60E # <------------Enter https site ID/PASS
FortiGate-60E # [212:root:d1]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d1]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d1]0x54939a00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d1]0x54939a00 doSSLConnect() cookie out:
[212:root:d1]0x54939a00 fsv_output_req_headers() send header:
GET /screens/preframeset.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Authorization: Basic YWRtaW46VG1jLWlkY3MyMDE3
Cache-Control: max-age=0
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d0]epollAddPending:538
read : needed: 0 ((nil)) evRead 0x0 ev 0x1 (0)
write: needed: 0 ((nil)) evWrite 0x0 ev 0x1 (0)
[211:root:d0][212:root:d0]epollAddPending:538
read : needed: 0 ((nil)) evRead 0x0 ev 0x1 (0)
write: needed: 0 ((nil)) evWrite 0x0 ev 0x1 (0)
epollFdHandler:653 s: 0x54939500 event: 0x1
[211:root:d0][212:root:d0]epollFdHandler:653 s: 0x55344b00 event: 0x1
Destroy sconn 0x54939500, connSize=2. (root)
[211:root:d0]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d0][211:root:d0]SSL state:warning close notify (10.0.0.12)
SSL state:warning close notify (10.0.0.12)
[212:root:d1]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d1]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:d1]Destroy sconn 0x54939a00, connSize=1. (root)
[212:root:d1]SSL state:warning close notify (10.0.0.12)
[212:root:d2]Timeout for connection 0x55344b00.

[212:root:d2]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d2]SSL state:warning close notify (10.0.0.12)

FortiGate-60E # <------------The https site ID/Pass input screen is displayed again.
FortiGate-60E #
FortiGate-60E #
FortiGate-60E # [210:root:d3]allocSSLConn:307 sconn 0x55344b00 (0:root)
[211:root:d3][210:root:d3]allocSSLConn:307 sconn 0x55344b00 (0:root)
SSL state:before SSL initialization (10.0.0.12)
[210:root:d3]SSL state:before SSL initialization (10.0.0.12)
SSL state:before SSL initialization (10.0.0.12)
[211:root:d3][210:root:d3]SSL state:before SSL initialization (10.0.0.12)
no SNI received
[210:root:d3]client cert requirement: no
[210:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[211:root:d3]no SNI received
[211:root:d3]client cert requirement: no
[211:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[211:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[211:root:d3][210:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[210:root:d3]no SNI received
[210:root:d3]client cert requirement: no
[210:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]no SNI received
[211:root:d3]client cert requirement: no
[211:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[210:root:d3]SSL state:SSLv3/TLS write finished (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[210:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[210:root:d3]SSL state:fatal certificate unknown (10.0.0.12)
[211:root:d3][210:root:d3]SSL state:error:(null)(10.0.0.12)
[210:root:d3]SSL_accept failed, 1:sslv3 alert certificate unknown
[210:root:d3]Destroy sconn 0x55344b00, connSize=0. (root)
SSL state:SSLv3/TLS write certificate (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[211:root:d3]SSL state:SSLv3/TLS write finished (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[211:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[211:root:d3]SSL state:fatal certificate unknown (10.0.0.12)
[211:root:d3]SSL state:error:(null)(10.0.0.12)
[211:root:d3]SSL_accept failed, 1:sslv3 alert certificate unknown
[211:root:d3]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d3]allocSSLConn:307 sconn 0x55344b00 (0:root)
[212:root:d3]SSL state:before SSL initialization (10.0.0.12)
[212:root:d3]SSL state:before SSL initialization (10.0.0.12)
[212:root:d3]no SNI received
[212:root:d3]client cert requirement: no
[212:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write change cipher spec (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]no SNI received
[212:root:d3]client cert requirement: no
[212:root:d3]SSL state:SSLv3/TLS read client hello (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write server hello (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 write encrypted extensions (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write certificate (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 write server certificate verify (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write finished (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data:system lib(10.0.0.12)
[212:root:d3]SSL state:TLSv1.3 early data (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS read finished (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d3]SSL state:SSLv3/TLS write session ticket (10.0.0.12)
[212:root:d3]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[212:root:d3]req: /proxy/4f6d056c/https/Z67cc6fdf618032cb5
[212:root:d3]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d3]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d3]sslvpn_policy_match:2626 checking web session
[212:root:d3]remote_ip=[10.0.0.12], user=[user01], iif=5, auth=1, dsthost=[192.168.1.220], portal=[web-access] realm=[(null)], dst=192.168.1.220, dport=443, service=[https]
[212:root:d3]sslvpn_policy_match:2651 policy check cache found [accept]
[212:root:d3]deconstruct_session_id:709 decode session id ok, user=[user01], group=[IaaS-User],authserver=[],portal=[web-access],host[10.0.0.12],realm=[],csrf_token=[73448246C7BF8996254681CF8416CC5],idx=0,auth=1,sid=4f6d0569,login=1705820159,access=1705820159,saml_logout_url=no,pip=no,grp_info=[hByFt6],rmt_grp_info=[]
[212:root:d3]1 0x55344b00,ssl=0x548cd000,(nil),connect to 192.168.1.220:443.
[212:root:d3]0x55344b00 doSSLConnect() cookie in: SVPNCOOKIE=TEElsLZIyJfu6ZLuXxC4aumvN0GWdsskINmFiXtQY/l/Aq7fc1Z0vvMAtDJCBQTfMtyQaSVUMyUIJt5irI8jg7uVDuhT319XB+CPYO1jb0OPoVyocVJ2aEDgIl6027Xj2G8vtEXiZodTD463rYMo7R5V5ZPbROxwUwzZgyfJorN/X48YzgN12DCTCmE0HRwC5oIXuv92ojzpbRI7WdkpLS/r6/cN+/H5VOBNOCh9MbJH5CoAkZXHEEsT20/CUJezUgGGA6CQ7pDlsQkTyC8HQOmBOYykEOwpGRb1sn8DiUiwBcs=
[212:root:d3]0x55344b00 doSSLConnect() cookie out:
[212:root:d3]0x55344b00 fsv_output_req_headers() send header:
GET /screens/preframeset.html HTTP/1.1
Host: 192.168.1.220
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: ja,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
Authorization: Basic YWRtaW46VG1jLWlkY3MyMDE3
Cache-Control: max-age=0
Referer: https://192.168.1.220/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
X-Forwarded-For: 10.0.0.12
Accept-Encoding: gzip, deflate

[212:root:d3]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
[212:root:d3]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:d3]Destroy sconn 0x55344b00, connSize=0. (root)
[212:root:d3]SSL state:warning close notify (10.0.0.12)

FortiGate-60E #
FortiGate-60E #
FortiGate-60E # diag debug enabledisable

FortiGate-60E # exit

Harunobu-Takahashi · ‎02-12-2024

Sorry for the late reply.

I would like to inform you that I was able to achieve my goal by switching to a network authentication method using a captive portal without using an SSL-VPN portal.

thank you.

View solution in original post

Anthony_E · ‎01-23-2024

Hello Harunobu,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

hbac · ‎01-24-2024

Hi @Harunobu-Takahashi,

Is your bookmark configured for internal or external website? Does it redirect to another URL for authentication?

Regards,

Harunobu-Takahashi · ‎01-24-2024

Hi, HBAC

Thank you for looking into it.
The website is located internally.
Authentication is performed on the website and is not redirected externally.

Although this is not the content of the Debug I presented, the purpose is to connect to the vCenter server using SSL-VPN.

dbu · ‎01-24-2024

Just to add more user authentication seems to pass , but I see these errors related to SSL Certificate :

[210:root:d2]SSL state:fatal certificate unknown (10.0.0.12)
[210:root:d2]SSL state:error:(null)(10.0.0.12)
[210:root:d2]SSL_accept failed, 1:sslv3 alert certificate unknown

[212:root:d1]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[212:root:d1]Destroy sconn 0x54939a00, connSize=1. (root)
[212:root:d1]SSL state:warning close notify (10.0.0.12)

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

hbac · ‎01-26-2024

@Harunobu-Takahashi,

I would suggest upgrading the firmware to 7.0.13 and if the issue persists, you can try to delete and recreate the bookmark.

Regards,

Harunobu-Takahashi · ‎01-28-2024

I tried updating the firmware to 7.0.13, but it did not resolve the issue. What part do you mean by deleting bookmarks?

hbac · ‎01-29-2024

@Harunobu-Takahashi,

I mean deleting and recreating the bookmark on the FortiGate under SSLVPN portal.

Regards,

AEK · ‎01-25-2024

@Harunobu-Takahashi, try update to 7.0.13 as it will probably fix the issue.

In fact according to release notes we can see the below info that look close to your description:

7.0.11 fixes the following issue:

746230  SSL VPN web mode cannot display certain websites that are internal bookmarks.
825750  VMware vCenter bookmark in not working after logging in to SSL VPN web mode.
831069  A blank page displayed after logging in to the back-end server in SSL VPN web mode.

7.0.12 fixes the following issue:

781581  Customer internal website is not shown correctly in SSL VPN web mode.
868491  SSL VPN web mode connection to VMware vCenter 7 is not working.
873995  Problem with the internal website using SSL VPN web mode.

7.0.13 fixes the following issue:

871229  SSL VPN web mode does not load when connecting to customer's internal site.
875167  Webpage opened in SSL VPN web portal is not displayed correctly.
881220  Found bad login for SSL VPN web-based access when enabling URL obscuration.
897385  Internal website keeps asking for credential with SSL VPN web mode.
933985  FortiGate as SSL VPN client does not work on NP6 and NP6XLite devices.

AEK

Harunobu-Takahashi · ‎01-28-2024

I tried 7.0.13, but it didn't solve the problem.
I will try to see if the issue can be resolved on the vCenter side.
We believe that the problem is related to the certificate.