Hello, I have a nasty problem with a customer.

I upgraded their Fortigate 200B cluster from 5.2.3 via 5.2.5 to 5.2.7

Then the sslvpn tunnel mode doesn't work anymore. I tried to fix this but with no luck so far (and I am still waiting for Fortinet support to have an answer). In the meantime I upgraded to 5.2.8, hoping this would solve it (release notes show a lot -though not that relevant- sslvpn fixes)

What happens is that user doesn't get an ip, debug says:

3:root:12596]rmt_tunnel.c,sslvpn_tunnel_handler,49, Calling rmt_conn_access_ex. [73:root:12596]rmt_websession.c:342 decode session id ok, user=[userabcd@abc.nl],group=[ldap-vpn-admin],portal=[full-access],host=[10.31.131.25],realm=[],idx=0,auth=16,login=1473756351 [73:root:12596]rmt_tunnel.c,sslvpn_tunnel_handler,151, Calling tunnel. [73:root:12596]tunnel_state.c:1266 0x424a9e00:0x424aa100 sslvpn user[userabcd@abc.nl],type 16,logintime 0 vd 0 [73:root:12596]tunnel_state.c:1294 [style="background-color: #ffff00;"]no more IP address available.[/style]

[style="background-color: #ffffff;"]I have reviewed all settings (ip pools), restarted sslvpn daemon, but no luck.[/style]

[style="background-color: #ffffff;"]Customer wants to downgrade to 5.2.3 now (it takes 2,5 days with Fortinet support already) but that's not so easy and actually not wise ...[/style]

[style="background-color: #ffffff;"]Anyone who experienced same issues and know an answer?[/style]

[style="background-color: #ffffff;"]KInd regards,[/style]

[style="background-color: #ffffff;"]Ralph Willemsen[/style]