Failure to Authenticate

After defaulting and reconfiguring a Firebox T-15 appliance, all attempts to VPN in via a Mobile VPN with SSL client end in failure. The monitor always reports:
Deny 192.168.0.11 192.168.0.10 https/tcp 38721 443 0-External Firebox tcp syn checking failed (expecting SYN packet for new TCP connection, but received ACK, FIN, or RST instead). 56 128 (Internal Policy) proc_id="firewall" rc="101" msg_id="3000-0148" tcp_info="offset 5 A 1525280516 win 64240"

What am I missing on my configuration?

Thanks in advance.
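The Deny line above can be pulled apart mechanically. The following Python is an added example (not from the thread or from WatchGuard): it parses the positional fields and the key="value" pairs of the Firebox traffic log line, reads the TCP flags out of tcp_info, and explains a msg_id 3000-0148 deny in terms of connection state. The tcp_info layout and the single-letter flag codes are assumptions inferred from this one line.

```python
import re

# Constructed sample: the Deny line quoted in the question, as one string.
SAMPLE_LINE = (
    'Deny 192.168.0.11 192.168.0.10 https/tcp 38721 443 0-External Firebox tcp syn '
    'checking failed (expecting SYN packet for new TCP connection, but received ACK, '
    'FIN, or RST instead). 56 128 (Internal Policy) proc_id="firewall" rc="101" '
    'msg_id="3000-0148" tcp_info="offset 5 A 1525280516 win 64240"'
)

# Positional fields at the start of a Firebox traffic log line (layout taken from the sample).
HEAD_RE = re.compile(
    r'^(?P<action>Allow|Deny)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+'
    r'(?P<service>[^/\s]+)/(?P<proto>\S+)\s+(?P<sport>\d+)\s+(?P<dport>\d+)\s+'
    r'(?P<in_if>\S+)\s+(?P<out_if>\S+)\s+(?P<rest>.*)$'
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')  # trailing key="value" pairs
SYN_CHECK_MSG_ID = "3000-0148"  # msg_id carried by the deny in the thread
# Assumed single-letter flag codes in tcp_info (S=SYN, A=ACK, F=FIN, R=RST, P=PSH, U=URG).
FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}


def parse_firebox_line(line):
    """Split one traffic log line into a dict of positional and key="value" fields."""
    m = HEAD_RE.match(line.strip())
    if not m:
        raise ValueError("not a Firebox traffic log line")
    rec = m.groupdict()
    rest = rec.pop("rest")
    rec.update(KV_RE.findall(rest))
    rec["reason"] = " ".join(KV_RE.sub("", rest).split())  # free text without the kv pairs
    return rec


def tcp_flags(rec):
    """Flags recorded in tcp_info; layout assumed to be 'offset <n> <flags> <seq> win <size>'."""
    toks = rec.get("tcp_info", "").split()
    if len(toks) < 3 or toks[0] != "offset":
        return set()
    return {FLAG_NAMES.get(c, c) for c in toks[2]}


def explain_syn_check_deny(rec):
    """Diagnosis for a SYN-checking deny (msg_id 3000-0148); None for any other record."""
    if rec.get("action") != "Deny" or rec.get("msg_id") != SYN_CHECK_MSG_ID:
        return None
    flags = "/".join(sorted(tcp_flags(rec))) or "none"
    return (f"{rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']} via {rec['in_if']}: "
            f"flags {flags} with no tracked connection; the Firebox never saw the SYN for "
            "this 4-tuple, so the client is continuing a session the firewall has no state for")
```

Run `explain_syn_check_deny(parse_firebox_line(SAMPLE_LINE))` to get the one-line diagnosis; an Allow line or any other msg_id yields None.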

Comments

  • Also, the client attempting to authenticate sees the message:
    "Waiting for the initial response from server."

  • Notice on the Deny log message that the source IP addr = 192.168.0.11 and the dest IP addr = 192.168.0.10.
    Are these IP addrs that you would expect for an SSLVPN client attempting to connect?

    How have you set up SSLVPN?
    Routed VPN Traffic or Bridge VPN traffic?

    What does the client end see in the SSLVPN logs?

    You can set up Diagnostic Logging, which may help understand the issue:
    - In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> VPN -> SSL, then set the slider to Information or higher.
    - In the Web UI: System -> Diagnostic Log -> VPN -> SSL, then click the down arrow and select Information.

  • Hello Bruce,
    I am using these IP addresses for testing. Yes, I've set up SSLVPN and am using Routed VPN Traffic. I also unchecked the Global setting "Enable TCP SYN packet and connection state verification".

    On Monday, I'll try the Diagnostic Log.
    Thank you.

  • edited November 2023
    What have you set for the virtual IP addr pool for SSLVPN?
    For Routed VPN Traffic, it should not be a subnet already being used in your config.