Problem and solution when an SSL VPN user fails to be authenticated by the AD server

24

You need to change the parameter settings of the import server filter and configure correct user information for SSL VPN role authorization/users. For details, see:
USG6600V5R1C30 SSLVPN user login issue

Other related questions:
Problem and solution when a KVM fails
Possible cause: The problem occurs when the power supply is unstable and has transient breaks after the reconstruction of the UPS. Solution: 1. Reinsert the USB cable. 2. If the problem persists, restart the KVM. 3. Replace the faulty keyboard and mouse or the KVM. 4. If the problem persists, restart the SVP.

Problem and solution when a firewall cannot be added to the NMS
To solve the problem that a firewall cannot be added to the NMS (NMS workstation), perform the following steps: 1. Check whether the SNMP settings on the firewall are correct. For example, check whether the SNMP version matches the NMS. 2. Check whether the NMS is reachable to the firewall. 3. Check whether access management in SNMP mode is enabled on the interface connecting the firewall to the NMS. That is, you need to run the service-manage snmp enable command on the interface to allow the peer device to access the firewall in SNMP mode. By default, the SNMP permission of the interface is disabled. In this case, even if the security policy for the interzone between the zone where the interface resides and the Local zone is enabled, you cannot access the device through the interface. This is because that the service-manage function has a higher priority than the security policy. For details, see USG6350 can't add to the NMS server.

Problem and solution when the URL category query server fails to be connected
To locate and rectify the fault that the URL category query server fails to be connected, perform the following steps: 1. Check whether there is a URL remote query license. Check whether the URL remote query license is enabled and valid on the CLI or web UI. 2.Check whether the networking and the configuration is correct. a.Run the display url-filter global-configuration command to check whether the server state is Connected. If the state is another value, the server is not connected. b. Check whether the DNS server is correctly configured and test the connectivity between the device and the website sec.huawei.com. This website is Huawei security upgrade and authentication center. To connect to a URL remote query server, the device must pass authentication on this website. If the device cannot access the website, it cannot connect to the URL remote query server. c. Check the URL filtering profile.Run the display url-filter global-configuration command to check whether a country name is configured. If no country name is configured for the firewall, it cannot connect to the URL remote query server. d. Check related configurations on the device.View IPsec and tunnel configurations and check whether connection request packets enter IPsec tunnels. If so, analyze the networking and configuration and ensure that the packets can be correctly sent to the authentication center, scheduling server, and query server. e. View security policies and check whether security policies have blocked connection request packets.Several special IP addresses and port numbers are involved for URL server connections. Ensure that the packets sent to the URL servers can pass the check of security policies. f. Check whether the update host source command is configured.This command has an influence on the source address used to connect to the URL remote query server. If this command is configured, the specified interface address serves as the source address of query packets sent to the URL remote query server.If this command is configured, ensure that the packets in response to the packets sent from the specified address to the URL server can be properly forwarded to the device.

Can SSL VPN users log in without being authenticated
No. SSL VPN users can log in only after being authenticated.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top