Maerre
Explorer III
May 26, 2025
Question

FortiClient connecting only at the 2nd attempt, 1st always fails - IPSEC DIALUP VPN

  • May 26, 2025
  • 2 replies
  • 1357 views

Hi Folks,

I've deployed 3 IPsec dialup VPN tunnels and I'm facing the same issue for each one of them.

The 1st time of the day you try to connect via FortiClient, insert credentials and receive the MFA push notification, the connection always fails; at the 2nd try, instead, it works, and this happens for all my tunnels.

Is there any particular configuration to be investigated?

FortiGate version is 7.4.7 and FortiClient 7.4.0.1658.

I looked for some technical tips or a workaround but nothing was found.

Is someone else facing the same issue?

Thank you

Regards

2 replies

AEK
SuperUser
May 26, 2025

Hi Maerre

Does it happen when you disable token (just for testing)?

Does it happen with client 7.4.3?

You can also use this command sequence to troubleshoot this case.

diagnose vpn ike log filter ...
diagnose debug console timestamp enable
diagnose debug app authd 60
diagnose debug app fnbamd -1
diagnose debug app ike -1
diagnose debug enable

Hope it helps.

AEK
Maerre
Author
Explorer III
June 12, 2025

Hi @AEK,

I ran these debugs but found nothing helpful; I also searched for a technical tip post but found nothing.
It still doesn't work at the 1st attempt and I've no idea how to fix it.

AEK
SuperUser
June 12, 2025

Hi Maerre

Try running the above debug commands, collect the output when it fails, and collect the output when it succeeds, then compare. There must be a difference.

AEK
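
One way to do the comparison suggested in the reply above, as an added example that is not part of the original thread: masking timestamps, addresses and per-session numbers first keeps a diff of the failed and the successful attempt down to the lines that really differ. The sample lines are constructed and only approximate the shape of debug output; the masking patterns and the names normalize and compare_attempts are assumptions to adapt to the real capture.

```python
import difflib
import re

# Fields that change on every attempt and would drown a plain diff.
MASKS = [
    (re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?\s*"), ""),  # timestamps
    (re.compile(r"\b[0-9a-f]{16}\b"), "<ID>"),  # 8-byte hex identifiers
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?\b"), "<ADDR>"),  # IPv4[:port]
    (re.compile(r"\b\d+\b"), "<N>"),  # counters and session numbers
]

def normalize(line):
    # Mask the volatile fields of one debug line.
    line = line.strip()
    for pattern, repl in MASKS:
        line = pattern.sub(repl, line)
    return line

def compare_attempts(failed_text, ok_text):
    # Report where the failed run diverges and the lines unique to each run.
    failed = [normalize(l) for l in failed_text.splitlines() if l.strip()]
    ok = [normalize(l) for l in ok_text.splitlines() if l.strip()]
    result = {"first_divergence": None, "only_failed": [], "only_ok": []}
    ops = difflib.SequenceMatcher(a=failed, b=ok, autojunk=False).get_opcodes()
    for tag, i1, i2, j1, j2 in ops:
        if tag == "equal":
            continue
        if result["first_divergence"] is None:
            result["first_divergence"] = i1  # 0-based index into the failed run
        result["only_failed"] += failed[i1:i2]
        result["only_ok"] += ok[j1:j2]
    return result

# Constructed sample lines (not real FortiGate output).
FAILED_SAMPLE = """\
2025-05-26 08:01:12.104 ike 0:dialup-a:17: request from 198.51.100.7:4500 id a1b2c3d4e5f60718
2025-05-26 08:01:12.230 ike 0:dialup-a:17: user authentication pending
2025-05-26 08:01:19.882 ike 0:dialup-a:17: negotiation ended without tunnel
"""
OK_SAMPLE = """\
2025-05-26 08:02:40.551 ike 0:dialup-a:18: request from 198.51.100.7:4500 id 0f1e2d3c4b5a6978
2025-05-26 08:02:40.690 ike 0:dialup-a:18: user authentication pending
2025-05-26 08:02:46.012 ike 0:dialup-a:18: user authentication result received
2025-05-26 08:02:46.200 ike 0:dialup-a:18: tunnel established
"""

if __name__ == "__main__":
    for key, value in compare_attempts(FAILED_SAMPLE, OK_SAMPLE).items():
        print(key, value)
```
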
TheBongo
New Member
August 5, 2025

This is a bit of an older post, but we experienced the same and there was no "solution" or any info, so I'm just gonna post it here since maybe someone else has the same problem.

We've had the exact same issue, and it turns out that for us this is because of the AlwaysOn Device Tunnel from Microsoft. The first time the FortiClient fails, it results in disconnecting the device tunnel. After the device tunnel is down we can connect with the FortiClient.

If the device tunnel reconnects faster than we connect with the FortiClient, the process repeats.

AEK
SuperUser
August 6, 2025

Good find. Thanks for sharing, Bongo.

But I wonder which kind of conflict between the two tunnels is causing this.

AEK