Good day to everyone.
I have two Cisco ASA running on FPR2130 assembled into a balancing group, for example:
vpn-gw1.example.com
vpn-gw2.example.com
general address vpn.example.com.
Firmware version 9.18.3.56
Anyconnect 4.10.07062
At the moment, all our employees work through profiles with two-factor authentication using SAML. With two-factor authentication, after entering the code from TOTP generator, some users catch the error ERR_SSL_PROTOCOL_ERROR.
While the error is not permanent and may appear to the user a couple of times a week, and then not appear. Some users catch the error stably between 8 a.m. and 10 a.m., after they connect normally, the error may appear on one Gateway and not appear when trying to connect to the second Gateway.
The problem is of a floating nature, one of the most popular solutions is cleaning cookies and cache in the default browser, sometimes deleting the cisco anyconnect profile helps, sometimes cleaning the SSL cache in the browser properties in the control panel
The number of active users in the middle of the day is approximately 1,500 people per device. Most of them do not face the problem, but it is frightening that the problem can manifest itself in anyone at any moment
There is an understanding that the problem is still in the workstations, but maybe someone has encountered and has a universal solution
I will be glad of any help
