ScottyT
New Member
November 26, 2024
Question

FortiClient EMS IPsec Connectivity Freezing


We are rolling out the FortiClient EMS with an IPsec connection profile to all our users. I have it set up with Azure SAML to perform the authentication, without user intervention. However, sometimes we are noticing that upon reboot the client hangs during the IPsec VPN connection, and as a result it blocks ALL internet access on the device. The FortiClient can't communicate with the EMS Cloud server, and you are unable to open any web pages. The only solution is to reboot or open the EMS client and force a disconnect.

Has anyone experienced this? Some users don't have the issue, while others seem to have it more often (probably because they shut down/restart more than others).

There's no error, and nothing I can see in the logs that is helpful. Thanks.

3 replies

sjoshi
Staff
November 27, 2024

Hi @ScottyT,

Share the FCT and FGT versions.

Collect the FCT diagnostic output while the issue is occurring.

https://docs.fortinet.com/document/forticlient/7.4.1/administration-guide/748524/diagnostic-tool

Collect the logs below from the FGT:

# diagnose debug application samld -1
# diagnose debug application sslvpn -1
# diagnose debug enable

# diagnose debug disable >> to stop it

Thanks, Salon

bhbryn
New Member
November 27, 2024

I am experiencing this issue right now and will need guidance on how to resolve this, please. Thanks.

ScottyT (Author)
New Member
November 27, 2024

I'm trying to collect logs and get diagnostic data, although it's hard when the user is remote and you can't get connectivity to their machine. Are you also using SAML/Azure authentication with your clients, or something else? Just curious. 

gesta
Explorer
November 28, 2024

Same here. Which FCT/FGT/EMS version are you using?

Does your FortiClient client show that the VPN connection is still UP but has no Internet access?

ScottyT (Author)
New Member
November 28, 2024

We are running FortiClient v7.2.5.1053, FortiGate v7.4.5, and EMS v7.2.5.1061. Our EMS is in the Cloud.

No, it never shows "up" with no internet. The client shows the connecting arrows and that's when the internet access is blocked. We are able to force a disconnect and reconnect when this happens. It always reconnects properly, when we manually force it.