If you have a FAZ look for the reason as "Lost the connection"
Mar 24 14:49:03 172.16.x.x logver=600098661 timestamp=1585086540 tz="UTC-7:00" devname="FG5H1E" devid="FG5H1Exxxxxxx" vd="root" date=2020-03-24 time=14:49:00 logid="0101039425" type="event" subtype="vpn" level="information" eventtime=1585086540 logdesc="SSL VPN tunnel down" action="tunnel-down" tunneltype="ssl-web" tunnelid=1429696930 remip=x.x.x.x user="user" group="SSL_VPN_FULL" dst_host="N/A" reason="Lost the connection" duration=12156 sentbyte=0 rcvdbyte=0 msg="SSL tunnel shutdown" If you have a FAZ or SIEM I'd attempt to correlate if these users are coming from a similar ISP. Or perhaps all those folks are on crappy DSL? Or people with problems have the same FortiClient version? Also check your build. What are you on right now? We went to 6.0.9 recently and a VPN bug required us opening a ticket with Fortinet to get a pre 6.0.10 build (v6.0.9 build8661) to fix it.
Make sure you are on at least 6.0.10. .9 was super buggy. We recently had this issue again after 150 days of uptime. We used the daily restart command to schedule a reboot outside of our production window. Conf sys global Set daily-restart enable Set restart-time 02:00 End Exit You need to remember the next day to log back into the cli and change to set daily-restart disable or it will reboot every night!
