(1) Most time users can login SSL VPN, so there should not configuration error.
(2) It may be the cause that the login users reached the max number. From the command “display license” we can see that total 60 users can login SSL VPN concurrently.
Device ESN is: 2102xxxxHQZ0B6000075
The file activated is: hda1:/lic6047002844-a627d102f71_usg5530s.dat
The time when activated is: 2011/09/30 17:44:14
VFW : 15
SSL VPN Concurrent User: 60 //total 60 users can login SSL VPN concurrently.
IPS : Enabled; service expire time: 2017/09/29
Anti Virus : Enabled; service expire time: 2017/09/29
Anti Spam : Enabled; service expire time: 2017/09/29
Pre-defined URL category query : Enabled; service expire time: 2017/09/29
From the command “display onlineuser’ we found that there were only 9 Concurrent Users, so it should not be this cause.
(3) So it should be other reason.
Check the version, and it’s the latest version(USG5500 V300R001C10SPC200) until now, it should not be some known bug.
In the diagnose view, we found from result of the command “display rtm user-list” that when this issue occurred, there exists a user whose User Id is 0. When all the things are normal, there is no user whose user id is 0.
Then we discussed with R&D engineer and learnt that the max user id is 509. After the user id reaches 509, it will go back to 0. This is a bug when user id 0 exists, the user can’t login SSL VPN virtual gateway. After the user whose user id is 0 logouts(by being kicked off or expires), then the new user can login normally.
Kick off the user whose user id is 0 by administrator.
No user whose user id is 0.
Then new users can login SSL VPN virtual gateway.
The other temporary solution is that just wait the user whose user id is 0 logout by itself or expires.
Waiting the new version is released, and upgrade to the new version.