FortiClient: 3rd-party software deployment bricks IPsec X.509 but not SSL-VPN?
Maybe someone with a deeper understanding can shed some light on this.
I've set up an IPsec VPN using certificate-based authentication and tested it with a small user group — it works great.
I then handed it over to software delivery. They did what they usually do with the SSL-VPN profile: extracted the config from the registry and bundled it with FortiClientVPNSetup_7.2.8.1140_x64.exe.
Now the issue after deployment:
The IPsec profile appears in FortiClient. The user selects it and clicks Connect → Status shows Connected.
However:
Bytes received: 0 (remains at 0)
Bytes sent: $somenumber
Only working fix so far:
Uninstall FortiClient and remove all registry traces, then install FortiClient and manually add the IPsec profile.
What doesn't work:
Uninstalling and reinstalling FortiClient, then manually adding the IPsec profile — still connects, but no incoming data.
Adding the IPsec profile under a different name.
So it seems there is something in the registry that messes with IPsec exclusively?
I know that the PSK is encrypted, but we don't have a PSK; we use certificates.
