Troubleshooting Tip: FortiClient stuck in 'Connecting' status due to Geofencing being set to 'Allow' without selecting any countries
| Description | This article describes how to resolve an issue where FortiClient gets stuck in the 'connecting' status due to Geofencing being set to 'Allow' without selecting any countries. |
| Scope | FortiSASE v24.3.59. |
| Solution | The FortiSASE Geofencing feature controls access by allowing or blocking remote user connections and edge device connectivity to FortiSASE’s security Point of Presence (PoP) based on the originating countries, regions, or infrastructures.
By default, when the Country/Region setting is set to Deny with no countries selected, FortiSASE enforces no restrictions.
However, if the status is set to Allow without specifying any countries, FortiSASE interprets this as allowing connections from no locations and automatically applies an underlying rule that denies all connections.
This will cause FortiClient to become stuck in the 'connecting' status because the session handshake with FortiSASE is not completed, as FortiSASE does not send any response back.
After a while, the session initiation times out, and FortiClient returns to the connection page.
To resolve this issue, either:
Related article: |
