Troubleshooting: User cannot log in the firewall.

When you try to access Internet through the firewall or manage the firewall, you may need to enter your Username and Password.  However, although the Username and Password are correct, you still cannot login. This may be caused due to incorrect configurations. This article will list several issues and provide you with possible solutions.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

1. HTTPS User login not allowed from here. - this error is noticed when user is trying to login with a Local User account or a LDAP/RADIUS user account.
   
   
   
   Solution- Login to the firewall with built in "admin" account. Navigate to Network|System|Interfaces, Edit the interface to which the user is trying to connect. Enable HTTPS under User Login section.
   
   
   
   
2. User login denied - User has no privileges for login from that location - when a Local User or a LDAP/RADIUS user wants to manage firewall and is trying to login from WAN zone.
   
   
   
   Solution- Check the admin rights of the user.
   
   NOTE: Limited Admin user cannot login to manage the firewall from WAN zone. For more details, please refer to Access rights for administrators
   
   Navigate to Device|Users|Local Users and Groups|Click Edit button of the user, click tab Groups. Check whether the login user has the administration rights. If not, add an administrator role to the user. 
   
   
   
   For LDAP/RADIUS user-
   - Create a group (Example:- SonicWall Admin Group) on the Active Directory and make sure the required users are added to that group which need to access the SonicWall or have admin rights.
   - Import this AD group on SonicWall and make this group part of "Sonicwall Administrators" group.
   
   Navigate to Device|Users|Local Users and Groups|Click Edit button of the group (which was imported from AD) and make it a member of "SonicWall Administrators" group.
   
   
   
   
3. User login denied - User has no privileges for login from that location - User authentication is enforced on firewall using the user settings in access rules and local users are getting an error message (Error User login denied - User has no privileges for login from that location) when they try to login.
   
   
   
    TIP: To learn more about configuring user settings in access rules and how to use it, please check How can I enforce local authentication for my users before allowing access to the Internet?
   
   This issue is noticed if the user based access rules are configured from zone "ANY" to "ANY" as shown below.
   
   
   
   Solution - Make sure that the appropriate zones are specified in the user based rules as shown below.
   
   
   

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

1. User login not allowed from here - this error is noticed when user is trying to login with a Local User account or a LDAP/RADIUS user account.
   
   Solution- Login to the firewall with built in "admin" account. Navigate to MANAGE|Network|Interfaces, Edit the interface to which the user is trying to connect. Enable HTTPS under User Login section.
   
2. User login denied - User has no privileges for login from that location - when a Local User or a LDAP/RADIUS user wants to manage firewall and is trying to login from WAN zone.  

         
Solution - Check the admin rights of the user.

 NOTE:  Limited Admin user cannot login to manage the firewall from WAN zone. For more details, please refer to Access Rights for Administrators.

Navigate to Users|Local Users and Groups|Click Edit button of the user, click tab Groups. Check whether the login user has the administration rights. If not, add an administrator role to the user.

 
For LDAP/RADIUS user-
- Create a group (Example:- SonicWall Admin Group) on the Active Directory and make sure the required users are added to that group which need to access the SonicWall or have admin rights.
- Import this AD group on SonicWall and make this group part of "Sonicwall Administrators" group.

Navigate to Users|Local Users and Groups|Click Edit button of the group (which was imported from AD) and make it a member of  "SonicWall Administrators" group.

3. User login denied - User has no privileges for login from that location - User authentication is enforced on firewall using the user settings in access rules and local users are getting an error message (User login denied - User has no privileges for login from that location) when they try to login.

 TIP: To learn more about configuring user settings in access rules and how to use it, please check How can I enforce local authentication for my users before allowing access to the Internet?

This issue is noticed if the user based access rules are configured from zone "ANY" to "ANY" as show below.



Solution - Make sure that the appropriate zones are specified in the user based rules as shown below.