Helpful ReplyUnstable Gui Access

Author
pacone
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/06/29 18:27:19
  • Status: offline
2015/07/11 14:53:19 (permalink)
0

Unstable Gui Access

I have two Fortigate units that I manage. One is a 30D and one a 60D both running the same firmware v5.2.3,build670
 
With both units from time to time I am unable to access the web-gui. The only fix appears to be to restart them.
Whilst I am unable to access the gui, the units are still working and processing traffic outgoing.
I am not able to reproduce this, it just happens when it wants to.
 
On the 60D I am unable to SSH in when this occurs, it will give me an SSH login prompt, however once the username and password are entered it just sits there and does not log me in. It's kind of like the login process works, but is separate to the actual management tool itself which is not functional at the time.
 
On the 60D I am also unable to use FortiExplorer from an iPad using a USB cable to access the unit when this occurs.
 
This has happened at least 3 times, maybe more, the only fix as I said above appears to be to power off the unit and power it back on.
 
I have not tried the SSH or FortiExplorer login's on the 30D unit.
#1
Dave Hall
Expert Member
  • Total Posts : 1475
  • Scores: 163
  • Reward points: 0
  • Joined: 2012/05/11 07:55:58
  • Location: Canada
  • Status: offline
Re: Unstable Gui Access 2015/07/11 15:49:00 (permalink)
0
On both units, check the memory usage and check the system log -- if memory usage nears 80% the fgts start to shut down various services (starting with I think virus/web scanning) and some GUI functions.  (There are several posts on this topic -- just use the search link at the top of this page.)  See also KB#11076.
 
 
 
 

NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
#2
pacone
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/06/29 18:27:19
  • Status: offline
Re: Unstable Gui Access 2015/07/11 17:09:16 (permalink)
0
It implies in the reference material that I read, once the over usage calms down, that the services that have been turned off by conserve mode return by themselves, this does not appear to be the case with the issue I am having. They never seem to return.
 
I am unable to access all types of connectivity to the unit HTTPS, SSH, FortiExplorer etc, not just web gui.
 
The 30D unit would be lucky if it does 300MB per day of traffic, and memory usage seems to stick around the 45-50% mark from what I can see of it.
 
Is there a way I can reliably log memory/cpu usage so I can see if the units are having busy periods that I am not aware of?
post edited by pacone - 2015/07/11 21:58:50
#3
fenixryan
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2012/07/23 13:02:39
  • Status: offline
Re: Unstable Gui Access 2015/08/06 04:34:09 (permalink)
0
I'm experiencing similar issues with accessing web interface, IE 11 brings up log on, I log in but none of the frames populate (and I mean they are all blank. When I use Chrome 44 the frames are displayed ok until I start drilling in and out of various settings, then the frame just comes up with what I can only describe as a page icon in the middle.
 
I was on 5.2.1, but decided to lift upto latest firmware to find it's still producing the same random frame problem.
 
Reboot seems to sort it for a very short time.
 
Device 100D
#4
Flyshuffle
Bronze Member
  • Total Posts : 21
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/09/05 07:41:45
  • Status: offline
Re: Unstable Gui Access 2015/08/06 07:08:30 (permalink)
0
fenixryan
I'm experiencing similar issues with accessing web interface, IE 11 brings up log on, I log in but none of the frames populate (and I mean they are all blank. When I use Chrome 44 the frames are displayed ok until I start drilling in and out of various settings, then the frame just comes up with what I can only describe as a page icon in the middle.
 
I was on 5.2.1, but decided to lift upto latest firmware to find it's still producing the same random frame problem.
 
Reboot seems to sort it for a very short time.
 
Device 100D




I've had similar experiences on Windows 8.1:
 
IE 11 behaved the exact same way you described on our 300D running 5.2.2, but appears to work for me with 5.2.3
 
Chrome 44 will work for a while, but then I will get the "file icon sad face" in the main frame and have to restart the browser where it will work for a while again. This happens on 5.2.4 and 5.2.3 on our 200D and 300D firewalls. However, I am running AdBlock and a couple of other extensions in Chrome and I haven't gone through and disabled or removed any to see if it is an extension causing the problem. I have added this to an open support case with Forticare.
 
Firefox 39 with no add-ons is working fine across all of our firewalls at the moment.
 
Each time I have not had to do anything different with our firewalls. Simply closing the browser or trying a different browser lets me get on my way. Memory usages is consistently under 60% for all of them, so I don't think that is an issue. 
 
 
#5
FortiAdam
Silver Member
  • Total Posts : 103
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/04/21 07:32:57
  • Status: offline
Re: Unstable Gui Access 2015/08/06 07:21:09 (permalink)
0
There seems to be a recent issue with Chrome and self-signed certificates.  https://www.reddit.com/r/fortinet/comments/3fumsz/chrome_certificate_errors_after_gui_login/
 
If you push [ctrl+shift+i] and then watch the console whilst loading the web gui you might see similar results.
#6
Bernard Pauwels
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/06/22 05:47:54
  • Status: offline
Re: Unstable Gui Access 2015/08/06 07:23:57 (permalink)
0
Hi,
 
   I have a very similar experience. Installed new FortiAnalyzer, started using FortiAP captive portal and upgraded to 5.2.4, all in one week. And then there was the unstable GUI, so badly that it is almost impossible to work with. That page icon is there all the time. Re-loading the page passes me again through the manual acceptance of the untrusted certificate, but gives me the real page, until the next drill down somewhat later.
 
 I noticed it the first time while starting up the captive portal that just by entering any login information, the icon page was on my management GUI (split second) with the next click.
 
 After the upgrade to 5.2.4 it was new to see records in the event log for continous SSL session close and open to the FortiAnalyzer. 
 
 However by changing the certificate to our star-certificate for the domain, and by using the corresponding correct URL to access the management GUI , the problem with the FortiAnalyzer event log is still there , but I can work comfortably with the GUI. (The SSL session reset probably just is now transparant to me.)
 
 
 I entered this issue with Fortinet support as follows:
 
In FG 5.2.3 and in 5.2.4 the management session disconnects very fast (sometimes after a few seconds) when the FortiAP has been enabled with captive portal

It looks totally unrelated. The management connections has been tested from different interfaces, but all of them lose connection. The trigger for this is just someone accepting the disclaimer in the captive portal, or someone trying to log in in the captive portal. The disconnect for the management GUI is instantly.
Since 5.2.4 there are event-logs in the Fortigate of session loss and connect to the FortiAnalyzer. First it was thought this was the cause, because of the timing is correlated, but it might be that not only the management console gets disconnected, but also at the same time the FortiAnalyzer.

If one works with a non-trusted SSL certificate (mostly the case for management connection to the Fortigate) then one has to pass the several steps to advanced mode in the browser accepting the non-matching certificate. Working with a valid certificate might obscure the session disconnect for the manager.

Disabled SSL for FortiAnalyzer, but that didn't help. So the FortiAnalyzer was not the cause but also a victim ???
#7
Bernard Pauwels
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/06/22 05:47:54
  • Status: offline
Re: Unstable Gui Access 2015/08/11 03:06:17 (permalink)
0
It is not related to Chrome per se. The Chrome and other browsers are stable when a valid certificate (correct name mapped for the used URL) is used. That's at least my experience. 

Attached Image(s)

#8
Bernard Pauwels
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/06/22 05:47:54
  • Status: offline
Re: Unstable Gui Access 2015/08/11 05:54:11 (permalink) ☄ Helpfulby jach77 2015/08/11 08:25:10
0
IE is a different story than CHROME. But still I see other unstable behaviour if an unsecured certificate is used.

Attached Image(s)

#9
rezendecs
Bronze Member
  • Total Posts : 24
  • Scores: -2
  • Reward points: 0
  • Joined: 2013/10/23 04:31:39
  • Status: offline
Re: Unstable Gui Access 2015/08/21 12:26:32 (permalink)
0
Somebody can solve this issues?
 
   After upgrade to 5.2.X, many of my Fortigates have Web Gui issues.
   The Web Gui disconnect suddenly while I'm working and before the idle timeout configuration.
 
Regards,
#10
Paul S
Gold Member
  • Total Posts : 168
  • Scores: 8
  • Reward points: 0
  • Joined: 2011/05/02 16:49:52
  • Status: offline
Re: Unstable Gui Access 2015/08/21 15:43:02 (permalink)
0
rezendecs
Somebody can solve this issues?
 
   After upgrade to 5.2.X, many of my Fortigates have Web Gui issues.
   The Web Gui disconnect suddenly while I'm working and before the idle timeout configuration.
 
Regards,




sharing your exact version is normally a good idea.  If your exact version is 5.2.4, then others have also mentioned this. It might be a bug that needs resolved in a future release.
 
if your version is less than 5.2.4, then you should share as much info as possible. also check your browsers console for errors.

FG200D 5.6.5 (HA) - primary
FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.]
FAZ-VM 5.6.5  |  Fortimail 5.3.11
Network+, Security+
#11
sanketgoh
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/08/19 22:10:18
  • Status: offline
Re: Unstable Gui Access 2015/08/25 02:20:30 (permalink)
0
Hi,
 
AS you havent mentioned on which browser you are working.
Please use firefox browser with all cookies deleted. It works perfect on firefox.
#12
sanketgoh
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/08/19 22:10:18
  • Status: offline
Re: Unstable Gui Access 2015/08/25 02:20:31 (permalink)
0
Hi,
 
AS you havent mentioned on which browser you are working.
Please use firefox browser with all cookies deleted. It works perfect on firefox.
#13
MartinSperrin
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/29 06:23:40
  • Status: offline
Re: Unstable Gui Access 2015/10/29 07:07:02 (permalink)
0
#14
Jump to:
© 2019 APG vNext Commercial Version 5.5