Intermittent Login Full error when trying to manage the firewall
11/21/2023
61 People found this article helpful
127,439 Views
Description
Firewall UI gives Login Full error when trying to login to the firewall management page. This affects management locally as well as externally.
NOTE: SSH management is not affected
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090231010827429.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM0OTkxMDMsImlhdCI6MTcyMTk2MzEwM30.NOoYKAI9AGvEzc3GRPUBVYJLFHam664o-3t9TnlfZCg)
Cause
One of the possible reasons for this behavior is that the firewall is flooded with multiple login attempts to the SSLVPN services/Virtual Office portal which is open on the WAN side of the firewall.
In the example below, the image references IP address from the network 80.94.95.0/24 with the Geo-IP origin of Romania.
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090231107753379.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM0OTkxMDMsImlhdCI6MTcyMTk2MzEwM30.NOoYKAI9AGvEzc3GRPUBVYJLFHam664o-3t9TnlfZCg)
Resolution
If the firewall is already exhibiting the symptoms, please power cycle the Firewall to restore UI access and make the following configuration changes to prevent this issue from re-occurring.
- Upgrade firmware to the most recent version available on mysonicwall.com. KB article: How can I upgrade SonicOS Firmware?
NOTE: If the firewall is operating on a Hotfix Firmware provided by Sonicwall Support, Please refer to the release notes available on mysonicwall.com prior to upgrading the firmware. Please contact Sonicwall Support for any questions. - Log in to the SonicWall Appliance, Click Manage |SSL VPN |Portal Settings. Enable the option "Disable Virtual Office on Non-LAN Interfaces" and click accept
- Create an address object for the network: 80.94.95.0 netmask 255.255.255.0 and then create an access rule to block traffic from that network. Navigate to MANAGE |Objects| Address objects Create address object with zone assignment: WAN, Type: Network, Network: 80.94.95.0 netmask 255.255.255.0
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090231120630687.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM0OTkxMDMsImlhdCI6MTcyMTk2MzEwM30.NOoYKAI9AGvEzc3GRPUBVYJLFHam664o-3t9TnlfZCg)
Navigate to MANAGE |Rules | Access Rules Create an access rule from zone WAN to All/Any zone with Action: Deny, Source: 80.94.95.0 netmask 255.255.255.0, Destination: Any. This access rule will block inbound traffic from the network: 80.94.95.0 netmask 255.255.255.0
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090231107691930.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM0OTkxMDMsImlhdCI6MTcyMTk2MzEwM30.NOoYKAI9AGvEzc3GRPUBVYJLFHam664o-3t9TnlfZCg)
- Enable Botnet filter To configure Botnet filter, Navigate to Manage |Security services | Botnet Filter
- Use Geo-IP filter to block traffic originating from Romania.KB article: Using Geo-IP filtering to block connections coming to or from a geographic location.
To configure Geo-IP filter, navigate to Manage |Security services |Geo-IP Filter
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090231107667170.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM0OTkxMDMsImlhdCI6MTcyMTk2MzEwM30.NOoYKAI9AGvEzc3GRPUBVYJLFHam664o-3t9TnlfZCg)
Related Articles
Categories
Was This Article Helpful?
YES
NO