RossBOFH
Visitor III
October 27, 2025
Solved

FortiClient SAML login looping at 98%

We have some clients using the FortiClient VPN who get looping at 98%. Others are connecting with no issues.

The login is set up to use SAML from EntraID. They successfully log in and this can be seen in the EntraID logs. The connection process gets to 98% and the user is prompted to log in again. 

I have tried this on a failing device with both the latest 7.4 version and with an old 7.0.8 version and get the same result. The FortiGate the VPN connects to is running 7.4.9.

Checking the logs on the FortiGate, there is no indication that the user attempted to connect. Checking the event viewer on the failing client, there are no errors listed referring to the FortiClient or for the time the login was attempted.

The clients are all Windows 11.

I did find one article about setting the global ssl_vpn_webmode to enabled but this was already set when I checked.

3 replies

yderek
Staff
October 27, 2025

I am not a FortiClient Team expert, but I know anything above 90% is a software/laptop issue. Have you tried to connect using a different machine using the same configuration and credential?

RossBOFH (Author)
Visitor III
October 27, 2025

Thanks for getting back to me.

Yes we have. I know that it is specific machines but the reason is escaping me. I have removed and reinstalled the client, tried different logins on the machine, even tried talking to it nicely. 

All the devices are on the same build of Windows OS and all have the same patches applied. There is a standard set of apps and drivers installed. There should be no difference between the working and not working devices.

funkylicious
SuperUser
October 28, 2025

hi,

try enabling the logs in FortiClient, maybe they will tell you something useful

https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-enable-debug-log-in-FortiClient/ta-p/190433 

"jack of all trades, master of none"

RossBOFH (Author, Answer)
Visitor III
October 30, 2025

Thanks to everyone who looked at this and especially to @funkylicious and @yderek.

The answer has turned up in an old KB article - https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-fails-at-98/ta-p/248363

The issue was resolved by disabling IPv6 on the clients. The FortiGate end point is only running IPv4 at this time and for some reason some clients are failing when connecting using an IPv6 address.
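
A way to check a client for the condition described in the accepted answer, as an added example that is not part of the original thread or of Fortinet's KB article. It reports whether the VPN gateway name resolves to IPv6, which adapters have IPv6 bound, and which address family Windows actually picks, so a failing and a working machine can be compared; the gateway name `vpn.example.com`, port 443, and the use of adapter bindings as the way to disable IPv6 are assumptions, since the thread does not state them.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumptions: gateway FQDN and port are placeholders; IPv6 is disabled per adapter binding.
param(
    [string]$Gateway = 'vpn.example.com',  # placeholder: FQDN from the FortiClient profile
    [int]$Port = 443,                      # placeholder: SSL VPN listening port
    [switch]$DisableIPv6                   # apply the fix described in the answer
)

function Get-VpnIPv6Report {
    param([string]$Gateway, [int]$Port)

    # Default query type returns both A and AAAA records; keep only address records.
    $dns = Resolve-DnsName -Name $Gateway -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress }

    # Adapters that are up and still have the IPv6 protocol bound.
    $up = (Get-NetAdapter | Where-Object Status -eq 'Up').Name
    $bound = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Where-Object { $_.Enabled -and $_.Name -in $up }

    # Which address does Windows actually choose for the TCP connection?
    $tcp = Test-NetConnection -ComputerName $Gateway -Port $Port -WarningAction SilentlyContinue

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        GatewayA         = @($dns | Where-Object Type -eq 'A').IPAddress -join ', '
        GatewayAAAA      = @($dns | Where-Object Type -eq 'AAAA').IPAddress -join ', '
        IPv6BoundOn      = $bound.Name -join ', '
        ChosenAddress    = "$($tcp.RemoteAddress)"
        ChosenFamily     = "$($tcp.RemoteAddress.AddressFamily)"
        TcpTestSucceeded = $tcp.TcpTestSucceeded
    }
}

$report = Get-VpnIPv6Report -Gateway $Gateway -Port $Port
$report | Format-List

# A client that prefers an IPv6 path to an IPv4-only gateway matches the thread's failure case.
if ($report.ChosenFamily -eq 'InterNetworkV6' -or $report.GatewayAAAA) {
    Write-Warning 'Client has an IPv6 path or AAAA answer for the gateway.'
}

if ($DisableIPv6) {
    # Unbind IPv6 from every adapter where it is currently enabled.
    Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Enabled | ForEach-Object {
        Disable-NetAdapterBinding -Name $_.Name -ComponentID ms_tcpip6
    }
}
```

Running it without `-DisableIPv6` on one working and one failing device gives a side-by-side view of the only difference the thread ended up identifying.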