Troubleshooting a "Login failed - HTTPS Administrator login not allowed from here" Error

12/20/2019 47 23593

DESCRIPTION:

This document covers troubleshooting steps to resolve the error "Login failed - HTTPS Administrator login not allowed from here".

CAUSE:

The "HTTPS Administrator login not allowed from here" error message is generated during the following scenarios:

Scenario 1. Error is generated while trying to manage the SonicWall via VPN tunnel.
Scenario 2. If SonicWall is configured to enforce users to enter a username and password before accessing the Internet websites.
Scenario 3. Error while managing the SonicWall from Accept a computer on a wireless Zone. 

RESOLUTION:

Scenario 1: Error is generated while trying to manage the SonicWall via VPN tunnel.

1.  Login to SonicWall management Interface, Click  MANAGE on the top bar  navigate to VPN | Base  Settings page.
2. Edit the appropriate VPN policy, go to Advance tab.
3. Enable the HTTPS box under the Management via this SA option.\
4. Save the changes.
   

Scenario 2: If SonicWall is configured to enforce users to enter a username and password before accessing the Internet websites.

1. Login to the SonicWall GUI.
2. Click MANAGE on the top bar , navigate to Network | Interfaces page, and edit the appropriate (e.g. X0 or LAN) Interface.
3. Enable the HTTP or HTTPS under User Login options.
   
4. Save the Changes

Scenario 3: Error while managing the SonicWall from a computer on a wireless Zone.

There are four ways to resolve this issue

• Disable WiFiSec Enforcement on the Wireless Zone or Wireless | Settings page in SonicOS Enhanced, (if you running SonicOS Standard then navigate to Wireless | Settings page), then access the SonicWall's LAN IP address for remote management.
  When WiFiSec enforcement is enabled, it is not possible to access the SonicWall for remote management from a wireless connection unless a tunnel is successfully established using Global VPN Client. The Llogin failed - HTTPS Administrator login not allowed from here error is shown in this situation.
  

• Access the SonicWall's LAN IP address for remote management with a browser on a computer that is located on the LAN, not the wireless connection.

• Use Global VPN Client on the wireless computer to establish the tunnel typically used for WiFiSec connectivity, then access the SonicWall's LAN IP address for remote management.
  
  

  NOTE: With WiFiSec disabled, access rules allowing traffic from the WLAN to the LAN may permit LAN access to all users on the WLAN. This action may not be recommended in some situations for security reasons.

• Enable HTTPS management via the WLAN interface. In SonicOS Standard, create a rule on the Manage | Rules | Access Rules page allowing HTTPS management from any source to the WLAN. In SonicOS Enhanced, select the Network | Interfaces page, edit the WLAN interface and enable HTTPS management.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Scenario 1: Error is generated while trying to manage the SonicWall via VPN tunnel.

1.  Login to SonicWall management Interface, navigate to VPN | Settings page.
2.  Edit the appropriate VPN policy, go to Advance tab.
3.  Enable the HTTPS box under the Management via this SA option.
4.  Save the changes.
    

Scenario 2: If SonicWall is configured to enforce users to enter a username and password before accessing the Internet websites. (refer KBID How Can I Setup CFS To Block Internet Access To A Specific Group? )

1. Login to the SonicWall GUI.
2. Navigate to Network | Interfaces page, and Edit the appropriate (e.g. X0 or LAN) Interface.
3. Enable the HTTP or HTTPS under User Login options.
   
   
   
4. Save the Changes

Scenario 3: Error while managing the SonicWall from a computer on a wireless Zone.

There are four ways to resolve this issue 

• Disable WiFiSec Enforcement on the Wireless Zone or Wireless | Settings page in SonicOS Enhanced, (if you running SonicOS Standard then navigate to Wireless | Settings page), then access the SonicWall's LAN IP address for remote management.
  When WiFiSec enforcement is enabled, it is not possible to access the SonicWall for remote management from a wireless connection unless a tunnel is successfully established using Global VPN Client. The Login failed - HTTPS Administrator login not allowed from here error is shown in this situation.
  
  

  NOTE: If you are running SonicOS Enhanced 5.x or above you can find this option in the Diag page (Https://SonicWall_LAN_IP/diag.html) in SonicOS Enhanced.
  

• Access the SonicWall's LAN IP address for remote management with a browser on a computer that is located on the LAN, not the wireless connection.

• Use Global VPN Client on the wireless computer to establish the tunnel typically used for WiFiSec connectivity, then access the SonicWall's LAN IP address for remote management.
  
  

  NOTE: With WiFiSec disabled, access rules allowing traffic from the WLAN to the LAN may permit LAN access to all users on the WLAN. This action may not be recommended in some situations for security reasons.

• Enable HTTPS management via the WLAN interface. In SonicOS Standard, create a rule on the Firewall | Access Rules page allowing HTTPS management from any source to the WLAN. In SonicOS Enhanced, select the Network | Interfaces page, edit the WLAN interface and enable HTTPS management.