Troubleshooting a "Login failed - HTTPS Administrator login not allowed from here" Error

06/13/2023 145 People found this article helpful 501,849 Views

Description

This document covers troubleshooting steps to resolve the error "Login failed - HTTPS Administrator login not allowed from here".

Cause

The "HTTPS Administrator login not allowed from here" error message is generated during the following scenarios:

Scenario 1. Error is generated while trying to manage the SonicWall via VPN tunnel.
Scenario 2. If SonicWall is configured to enforce users to enter a username and password before accessing the Internet websites.
Scenario 3. Error while managing the SonicWall from Accept a computer on a wireless Zone.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Scenario 1: Error is generated while trying to manage the SonicWall via VPN tunnel.

Login to SonicWall management Interface, Click Network | IPsec VPN | Rules an settings | Policies.
Edit the appropriate VPN policy, go to Advance tab.
Enable the HTTPS box under the Management via this SA option.
Save the changes.

Scenario 2: If SonicWall is configured to enforce users to enter a username and password before accessing the Internet websites.

Login to the SonicWall GUI.
Click Network on the top bar , navigate to System | Interfaces page, and edit the appropriate (e.g. X0 or LAN) Interface.
Enable the HTTP or HTTPS under User Login options.

Save the Changes

Scenario 3: Error while managing the SonicWall from a computer on a wireless Zone.

Enable HTTPS management via the WLAN interface. Navigate to the Network | System | Interfaces page, edit the WLAN interface and enable HTTPS management. By doing so you can manage the firewall on the WLAN interface IP. For example as shown in below screenshot (https://172.168.10.1/sonicui/7/login/#/).

If you don't want to give management access on new interface IP (i.e WLAN interface IP) but want to give access on the same LAN interface IP for the WLAN connected devices, then create a rule by navigating to Policy | Rules and policies | Access Rules page. Allowing HTTPS management as service from WLAN zone to LAN zone, source as "any" destination as "All X0 management IP".

NOTE: Please note Legacy WiFiSec Enforcement support is one of the feature no longer used/supported in UI7.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Scenario 1: Error is generated while trying to manage the SonicWall via VPN tunnel.

Login to SonicWall management Interface, Click MANAGE on the top bar navigate to VPN | Base Settings page.
Edit the appropriate VPN policy, go to Advance tab.
Enable the HTTPS box under the Management via this SA option.
Save the changes.

Scenario 2: If SonicWall is configured to enforce users to enter a username and password before accessing the Internet websites.

Login to the SonicWall GUI.
Click MANAGE on the top bar , navigate to Network | Interfaces page, and edit the appropriate (e.g. X0 or LAN) Interface.
Enable the HTTP or HTTPS under User Login options.

Save the Changes

Scenario 3: Error while managing the SonicWall from a computer on a wireless Zone.

There are four ways to resolve this issue

Disable WiFiSec Enforcement on the Wireless Zone or Wireless | Settings page in SonicOS Enhanced, (if you running SonicOS Standard then navigate to Wireless | Settings page), then access the SonicWall's LAN IP address for remote management.
When WiFiSec enforcement is enabled, it is not possible to access the SonicWall for remote management from a wireless connection unless a tunnel is successfully established using Global VPN Client. The Login failed - HTTPS Administrator login not allowed from here error is shown in this situation.

Access the SonicWall's LAN IP address for remote management with a browser on a computer that is located on the LAN, not the wireless connection.

Use Global VPN Client on the wireless computer to establish the tunnel typically used for WiFiSec connectivity, then access the SonicWall's LAN IP address for remote management.

NOTE: With WiFiSec disabled, access rules allowing traffic from the WLAN to the LAN may permit LAN access to all users on the WLAN. This action may not be recommended in some situations for security reasons.

Enable HTTPS management via the WLAN interface. In SonicOS Standard, create a rule on the Manage | Rules | Access Rules page allowing HTTPS management from any source to the WLAN. In SonicOS Enhanced, select the Network | Interfaces page, edit the WLAN interface and enable HTTPS management.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Scenario 1: Error is generated while trying to manage the SonicWall via VPN tunnel.

Login to SonicWall management Interface, navigate to VPN | Settings page.
Edit the appropriate VPN policy, go to Advance tab.
Enable the HTTPS box under the Management via this SA option.
Save the changes.

Scenario 2: If SonicWall is configured to enforce users to enter a username and password before accessing the Internet websites. (refer KBID How Can I Setup CFS To Block Internet Access To A Specific Group? )

Login to the SonicWall GUI.
Navigate to Network | Interfaces page, and Edit the appropriate (e.g. X0 or LAN) Interface.
Enable the HTTP or HTTPS under User Login options.
Save the Changes

Scenario 3: Error while managing the SonicWall from a computer on a wireless Zone.

There are four ways to resolve this issue

Disable WiFiSec Enforcement on the Wireless Zone or Wireless | Settings page in SonicOS Enhanced, (if you running SonicOS Standard then navigate to Wireless | Settings page), then access the SonicWall's LAN IP address for remote management.
When WiFiSec enforcement is enabled, it is not possible to access the SonicWall for remote management from a wireless connection unless a tunnel is successfully established using Global VPN Client. The Login failed - HTTPS Administrator login not allowed from here error is shown in this situation.

NOTE: If you are running SonicOS Enhanced 5.x or above you can find this option in the Diag page (Https://SonicWall_LAN_IP/diag.html) in SonicOS Enhanced.

Access the SonicWall's LAN IP address for remote management with a browser on a computer that is located on the LAN, not the wireless connection.

Use Global VPN Client on the wireless computer to establish the tunnel typically used for WiFiSec connectivity, then access the SonicWall's LAN IP address for remote management.

NOTE: With WiFiSec disabled, access rules allowing traffic from the WLAN to the LAN may permit LAN access to all users on the WLAN. This action may not be recommended in some situations for security reasons.

Enable HTTPS management via the WLAN interface. In SonicOS Standard, create a rule on the Firewall | Access Rules page allowing HTTPS management from any source to the WLAN. In SonicOS Enhanced, select the Network | Interfaces page, edit the WLAN interface and enable HTTPS management.

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

Troubleshooting a "Login failed - HTTPS Administrator login not allowed from here" Error

Description

Cause

Resolution

Resolution for SonicOS 7.X

Resolution for SonicOS 6.5

Resolution for SonicOS 6.2 and Below

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch