FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
acp
Staff
Staff
Article Id 192998
Description
This article discussed about the single SSL VPN user logins visible as two logins in reports/logs.

Solution
Example.
44  user1  ssl-tunnel 4417 62971290 41629175 21342115
78  user1  ssl-web 4443 0 0 0







This is expected behaviour as visible from 'tunneltype' attribute.
In the above example  'tunneltype = SSL-web' means the traffic is going through SSL-web  and 'tunneltype = SSL-tunne'" means the traffic is going through SSL-tunnel.
When  using only tunnel mode, the SSL-web is used for authentication.
Therefore, after the tunnel is established, there will be no traffic going through SSL-web, all traffic will go through SSL-tunnel.
Thus the recorded bytes for SSL-web is 0.

Even is SSL VPN web mode is disabled, logs for both Tunnel as well as web mode will be get.


Contributors