rmreddy
Staff
December 12, 2025

Technical Tip: IPsec VPN over TCP support with Azure SAML on FortiGate

Description

This article describes an issue with IPsec VPN over TCP support with Azure SAML on FortiGate v7.4, where the VPN connection fails to establish and times out during the connection phase, and provides a solution.

Scope

FortiGate, FortiClient.

Solution

The user's connection times out while connecting to the VPN over a custom TCP port. The debug logs show output similar to the following.

 

ike V=root:accepts ike tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=2 ph1=(nil)) (2).
ike V=root:deletes tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=2 ph1=(nil)) (2).
ike V=root:destorys tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=0 ph1=(nil)) (1).

 

  • This is due to an issue with FortiClient v7.4.1, 7.4.2, and 7.4.3. The issue is resolved in FortiClient v7.4.4.
  • If the free FortiClient version is being used, make use of the Fortinet Support Forum.
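
To check a saved IKE debug capture for the pattern shown above, the following added example (not part of the original article and not Fortinet code) groups the tcp-transport lines by flow and socket and reports transports that were accepted and then torn down while ph1 stayed (nil). The function name and the fourth sample line (sock=35) are constructed for illustration, and reading ph1=(nil) as "no phase 1 was attached to the transport" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the three debug lines from this article, plus one
# invented transport (sock=35) that is accepted and not torn down.
SAMPLE = """\
ike V=root:accepts ike tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=2 ph1=(nil)) (2).
ike V=root:deletes tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=2 ph1=(nil)) (2).
ike V=root:destorys tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=0 ph1=(nil)) (1).
ike V=root:accepts ike tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62999 sock=35 refcnt=2 ph1=(nil)) (2).
"""

# "destorys" is the spelling in the article's output; "destroys" is also
# accepted as an assumption, in case other builds spell it correctly.
TEARDOWN = {"deletes", "destorys", "destroys"}
LINE = re.compile(
    r"V=\S+?:(?P<event>accepts|deletes|dest(?:or|ro)ys)\s+(?:ike\s+)?"
    r"tcp-transport\(.*?(?P<flow>\S+->\S+)\s+sock=(?P<sock>\d+)"
    r"\s+refcnt=\d+\s+ph1=(?P<ph1>\(nil\)|[^)\s]+)\)"
)

def find_dropped_transports(text):
    """Return transports that were accepted and later deleted or destroyed
    while every line logged for them still showed ph1=(nil)."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            events[(m["flow"], m["sock"])].append((m["event"], m["ph1"]))
    dropped = []
    for (flow, sock), seen in events.items():
        names = [event for event, _ in seen]
        torn_down = any(name in TEARDOWN for name in names)
        no_ph1 = all(ph1 == "(nil)" for _, ph1 in seen)
        if "accepts" in names and torn_down and no_ph1:
            dropped.append({"flow": flow, "sock": int(sock), "events": names})
    return dropped

if __name__ == "__main__":
    for hit in find_dropped_transports(SAMPLE):
        print(f"{hit['flow']} sock={hit['sock']}: {' -> '.join(hit['events'])}")
```

A hit only says the log matches the symptom in this article; whether the cause is the FortiClient version listed above still has to be confirmed on the endpoint.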

To troubleshoot tunnel connectivity, see Troubleshooting Tip: Troubleshooting IPsec Site-to-Site Tunnel Connectivity.

Related documents:

Encapsulate ESP packets within TCP headers

FortiOS 7.6.0 SSL VPN to IPsec VPN Migration