Cannot connect to SSL VPN, FortiGate 5.4 (Windows 7 and XP) Part2
Description
This article addresses the error message "Cannot connect to VPN. The VPN server could be unavailable." which may be seen when Windows 7 or Windows XP tries to connect to SSL VPN when using v5.4.
Scope
FortiGate All Models
FortiOS as of v5.4
Solution
In addition to enabling SSLv3 and/or TLSv1.0, it may also be necessary to allow any cipher strength (high and medium):
config vpn ssl settings
    set sslv3 enable      // might be needed
    set tlsv1-0 enable    // might be needed
    config authentication-rule
        edit <rule_id>
            set cipher any
        next
    end
end
Cipher strength:
set cipher ?
any       Any cipher strength.
high      High cipher strength (>= 168 bits).
medium    Medium cipher strength (>= 128 bits).
This may have to be done on every authentication rule that allows Windows 7 and XP clients access through the SSL VPN.
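Because the change is made per authentication rule, it helps to confirm afterwards which rules carry `set cipher any` and whether SSLv3 or TLSv1.0 is enabled, so the relaxed settings stay limited to the rules that serve Windows 7 and XP clients. The following Python script is an added example, not Fortinet code: it reads a saved configuration and reports both. The sample configuration, rule IDs and group names are constructed for illustration.

```python
SAMPLE = """\
config vpn ssl settings
    set sslv3 enable
    set tlsv1-0 enable
    config authentication-rule
        edit 1
            set groups "legacy-xp-users"
            set cipher any
        next
        edit 2
            set groups "staff"
            set cipher high
        next
    end
end
"""  # constructed sample; rule IDs and group names are hypothetical

def audit_sslvpn(config_text):
    """Return (enabled legacy protocols, {rule_id: cipher or None})."""
    stack, rule = [], None          # open 'config' sections, current 'edit' id
    legacy, ciphers = [], {}
    for raw in config_text.splitlines():
        tok = raw.split("//")[0].split()   # drop the article's // annotations
        if not tok:
            continue
        if tok[0] in ("config", "conf"):
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif not stack or not stack[0].startswith("vpn ssl setting"):
            continue                        # ignore every other section
        elif tok[0] == "edit" and stack[-1] == "authentication-rule":
            rule = tok[1]
            ciphers[rule] = None            # None = no explicit 'set cipher'
        elif tok[0] == "next":
            rule = None
        elif tok[0] == "set" and len(tok) >= 3:
            if len(stack) == 1 and tok[1] in ("sslv3", "tlsv1-0") and tok[2] == "enable":
                legacy.append(tok[1])
            elif rule is not None and tok[1] == "cipher":
                ciphers[rule] = tok[2]
    return legacy, ciphers

def rules_with_any_cipher(ciphers):
    """Rule IDs whose cipher strength was relaxed to 'any'."""
    return sorted(r for r, c in ciphers.items() if c == "any")

if __name__ == "__main__":
    legacy, ciphers = audit_sslvpn(SAMPLE)
    print("legacy protocols:", legacy, "| cipher any on rules:", rules_with_any_cipher(ciphers))
```

A rule reported with `None` has no explicit `set cipher` line in the saved configuration.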
